Business must do more to limit exposure of data in the cloud
February 2019, IT infrastructure, Cyber Security
Organisations should pay closer attention to security concerns associated with storing data in the cloud as configuration errors together with cloud threats pose a significant and ever-increasing risk to enterprise data, says Nompumelelo Mdima, McAfee Business Development Manager at Axiz Advanced Technologies.
“While cloud services offer business the advantages of scalability, business continuity, collaboration efficiency and flexibility of work practices, it is equally important to appreciate that data in the cloud is more exposed than many organisations realise,” notes Mdima.
According the most recent Cloud Adoption and Risk Report released by McAfee, nearly a quarter of the data in the cloud can be categorised as sensitive, putting an organisation at risk if it is stolen or leaked. The report also revealed that the sharing of sensitive data with an open, publicly accessible link, increased by 23% year-on-year. In addition, the average enterprise experiences more than 2200 misconfiguration incidents per month in their infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) instances.
Mdima says the data highlights the need for business to deploy cloud security solutions that span the entire cloud spectrum as cloud service providers only cover the security of the cloud itself, not customer data or customer use of their infrastructure and platforms. “It is imperative that business adopt a cloud strategy that includes data loss protection, configuration audits, and collaboration controls to properly protect their data. Not doing so also has consequences through noncompliance with internal and external regulations.”
Organisations need to first understand which cloud services are in use, which data is sensitive, and how it being stored and used as a first step to mitigating risk. “Armed with a clear and coherent overview, suitable security policies can be put in place to prohibit sensitive data from being stored in unapproved cloud services and guard against noncompliant sharing of data via email or through a publicly accessible link,” says Mdima.
The McAfee report, which analysed billions of events in anonymised cloud use, also found that most threats to data in the cloud result from compromised accounts and insider threats. “A sound security policy should also have protocols for identifying irregular behaviour, for instance when a user accesses the cloud from separate locations simultaneously, so that a comprised account can be dealt with immediately,” adds Mdima.
“In order accelerate their business, organisations should look to cloud-native and frictionless ways to defend against security threats. Proactively addressing security responsibilities before there’s an incident remains the best way mitigate risk and safeguard what is very often a company’s most valuable asset – its data.”
- 2019 Internet of Things (IoT) Barometer
March 2019, This Week's Editor's Pick, Integrated Solutions, IT infrastructure
A majority of businesses that use IoT technology agree that it has either disrupted their industry or will do so in the next five years.
- Halt, who goes there?
March 2019, Technews Publishing, Wolfpack Information Risk, This Week's Editor's Pick, Cyber Security
As long as organisations treat their physical and cyber domains as separate, there is little hope of securing either one.
- IoT is convergence in action
March 2019, Gijima Electronic and Security Systems (GESS), NEC XON, Technews Publishing, Axiz, G4S South Africa, This Week's Editor's Pick, Cyber Security, Integrated Solutions, IT infrastructure
The Internet of Things gains more than enough attention these days, but the IoT demonstrates the reality of the convergence between the physical and cyber worlds, and physical security is part of it.
- Stop hacking of access control systems
March 2019, This Week's Editor's Pick, Access Control & Identity Management, Cyber Security
Think someone hacking your access control system not a big deal? Scott Lindley suggests that you think again.
- New cybersecurity pavilion for Securex 2019
March 2019, Securex South Africa , This Week's Editor's Pick, Cyber Security, News, Conferences & Events, Training & Education
Securex South Africa 2019 has announced that 4Sight Technologies, a subsidiary of an international holdings company focusing on investing in Industry 4.0 companies, has signed on as the official sponsor ...
- Managed IT security solution
March 2019, Cyber Security, IT infrastructure, Products
The LanDynamix fully managed IT security stack ensures that all the main attack vectors typically used by hackers to breach a network are protected and proactively monitored.
- Top five security trends to look out for in 2019
March 2019, Genetec, CCTV, Surveillance & Remote Monitoring, Cyber Security
From the continued focus on cybersecurity to the acquisition of global players, Genetec highlights the top five security trends to look forward to in 2019.
- Securing IoT, step by step
March 2019, IT infrastructure, Cyber Security
Kaspersky Lab joins forces with industry leaders to deliver actionable technical guidance for multiple IoT stakeholders.
- The legalities of the digital signature
March 2019, This Week's Editor's Pick, Cyber Security, Security Services & Risk Management
Electronic signatures and digital signatures differ significantly; it is critical that organisations recognise the legal implications of the electronic signature and the risk of fraud.
- Security on a chip
March 2019, News, IT infrastructure
New converged solution by G+D Mobile Security integrates SIM and other security applications on a single chip.
- Intelligent storage solutions
March 2019, IT infrastructure
New, intelligent storage strategies vital as tighter data security regulations put pressure on businesses.
- As-a-Service solutions boost information security
March 2019, IT infrastructure
The emerging concept of Everything-as-a-Service (XaaS) makes advanced technologies and solutions more cost effective and available to a broader spectrum of business.