Business must do more to limit exposure of data in the cloud

February 2019 IT infrastructure, Cyber Security

Organisations should pay closer attention to security concerns associated with storing data in the cloud as configuration errors together with cloud threats pose a significant and ever-increasing risk to enterprise data, says Nompumelelo Mdima, McAfee Business Development Manager at Axiz Advanced Technologies.

Nompumelelo Mdima.
Nompumelelo Mdima.

“While cloud services offer business the advantages of scalability, business continuity, collaboration efficiency and flexibility of work practices, it is equally important to appreciate that data in the cloud is more exposed than many organisations realise,” notes Mdima.

According the most recent Cloud Adoption and Risk Report released by McAfee, nearly a quarter of the data in the cloud can be categorised as sensitive, putting an organisation at risk if it is stolen or leaked. The report also revealed that the sharing of sensitive data with an open, publicly accessible link, increased by 23% year-on-year. In addition, the average enterprise experiences more than 2200 misconfiguration incidents per month in their infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) instances.

Mdima says the data highlights the need for business to deploy cloud security solutions that span the entire cloud spectrum as cloud service providers only cover the security of the cloud itself, not customer data or customer use of their infrastructure and platforms. “It is imperative that business adopt a cloud strategy that includes data loss protection, configuration audits, and collaboration controls to properly protect their data. Not doing so also has consequences through noncompliance with internal and external regulations.”

Organisations need to first understand which cloud services are in use, which data is sensitive, and how it being stored and used as a first step to mitigating risk. “Armed with a clear and coherent overview, suitable security policies can be put in place to prohibit sensitive data from being stored in unapproved cloud services and guard against noncompliant sharing of data via email or through a publicly accessible link,” says Mdima.

The McAfee report, which analysed billions of events in anonymised cloud use, also found that most threats to data in the cloud result from compromised accounts and insider threats. “A sound security policy should also have protocols for identifying irregular behaviour, for instance when a user accesses the cloud from separate locations simultaneously, so that a comprised account can be dealt with immediately,” adds Mdima.

“In order accelerate their business, organisations should look to cloud-native and frictionless ways to defend against security threats. Proactively addressing security responsibilities before there’s an incident remains the best way mitigate risk and safeguard what is very often a company’s most valuable asset – its data.”


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

The 4th Industrial Revolution
July 2019, Wolfpack Information Risk , Editor's Choice, Cyber Security, Security Services & Risk Management, Industrial (Industry)
Most major industries have turned to and are reliant on technology to run their operations. This is a time of great promise, but also one of frightening peril.

Data protection more challenging
July 2019 , Editor's Choice, IT infrastructure
The number of businesses unable to recover data after an incident nearly doubled from 2016, according to the Global Data Protection Index surveying 2 200 IT decision makers from 18 countries.

Four essential cloud security concepts
July 2019 , Cyber Security, IT infrastructure
Security is a critical a component of any cloud environment, but to be effective, it needs to be as agile and dynamic as the cloud infrastructure being protected.

Cyber-attacks target operational technology
July 2019 , Editor's Choice, Cyber Security, Industrial (Industry)
Focus on operational technology security increasing as around 74% of OT organisations come under attack in the past year, finds a new Fortinet report.

The world’s tiniest TPM
July 2019 , IT infrastructure, Industrial (Industry)
The Trusted Computing Group (TCG) launched a new project to create the 'world’s tiniest Trusted Platform Module (TPM)'.

Industrial cybersecurity delivers ROI
July 2019, Kaspersky Lab , Industrial (Industry), Cyber Security
Industrial company achieves 368% ROI with Kaspersky Industrial CyberSecurity reveals global research and advisory firm.

SA industrial facilities at risk of cyber attacks
July 2019 , Industrial (Industry), Cyber Security
With international analysts warning of a growing risk of cyber war, sabotage and espionage impacting industrial and mining facilities, South African stakeholders must step up their efforts to mitigate risk.

Critical vulnerabilities in smart home controller
July 2019, Kaspersky Lab , Home Security, Cyber Security
Kaspersky researchers investigating the control device for an active smart home ecosystem have identified several critical vulnerabilities.

Where are your crown jewels?
June 2019, Wolfpack Information Risk , Commercial (Industry), Cyber Security, Security Services & Risk Management
Understanding what data they store and analyse is gaining increasing urgency for organisations that are now accountable to new(ish) privacy regulations such as the GDPR and our PoPIA.

A platform to the future
June 2019, Genetec, Cathexis Technologies, Milestone Systems, Gijima Electronic and Security Systems (GESS) , Integrated Solutions, CCTV, Surveillance & Remote Monitoring, IT infrastructure
With AI, IoT and cloud changing the security technology landscape, will your security management platform be able to adapt to new demands?