More than half of companies that use cloud services have suffered from a data breach, according to a new report. The report finds that the data breaches are a result of widely dispersed in the cloud that are beyond enterprise control.
The Enterprise Supernova: The Data Dispersion Cloud Adoption and Risk Report was conducted by cybersecurity company McAfee and based off of 1,000 enterprise organization responses in 11 countries.
“The force of the cloud is unstoppable, and the dispersion of data creates new opportunities for both growth and risk,” said Rajiv Gupta, senior vice president of cloud services at McAfee. “Security that is data-centric, creating a spectrum of controls from the device, through the web, into the cloud, and within the cloud provides the opportunity to break the paradigm of yesterday’s network-centric protection that is not sufficient for today’s cloud-first needs.”
According to the report, 52% of companies that use cloud services have had user data stolen in a breach, one in four companies had their sensitive data downloaded from the cloud to an unmanaged personal device, and companies that are monitoring their cloud services with data loss prevention see an average of 45,737 incidents each month.
The report also found that shadow IT continues to expand enterprise risk, because 91% of cloud services don’t encrypt data at rest, 79% of companies allow access to enterprise-approved cloud services from personal devices, which increases the chances of a breach.
In addition, intercloud travel opens new paths to risk, and 93% of CISOs know it’s their responsibility to secure data in the cloud.
McAfee believes there is a new horizon for data protection, one that will start with the device and go through the network to the cloud edge. This new protection will include cloud context, device context, web context, and visibility and control, the company explained.
“The force of the cloud is unstoppable, and the dispersion of data creates new opportunities for both growth and risk. Security that draws closer to data—creating a spectrum of controls from the device, through the web, and to a new cloud edge—provides the opportunity to break the paradigm of network-centric protection,” the report stated.
Some recommendations McAfee provides for protecting data include: evaluating data protection strategy for devices and the cloud; investigate shadow IT; and planning for the future.