The dark side of the cloud: improper sharing and access, most cloud-related security incidents, study shows

Reading time: 4 min
Share this Share on email Share on twitter Share on linkedin Share on facebook

With cloud adoption becoming a reality for companies, most admit having experienced cloud security incidents - 59% reported incidents related to unwanted external sharing and 47% reported incidents involving access from unauthorized devices, a survey shows.

Cloud data synced to lost/stolen devices, compromise of employee credentials and malicious insiders were also reported problems, but by less than a third of respondents (32%, 28%, 22% respectively).

Regarding actions they have taken because of concerns that their cloud supplier will be compromised, 61% reported they purchased from suppliers that encrypt data at rest. Some 35% of respondents said they used third-party cloud encryption products. However, a quarter reported that they prohibit cloud apps and 17% reported that they did nothing to mitigate these concerns.

According to the survey, confidence in cloud vendors seems to be growing as concerns about the cloud app vendors being compromised was mild. Some 67 percent of respondents were moderately or not at all concerned about their cloud application vendors being compromised, yet 25% still prohibit cloud apps.

Security professionals also reported security policies in place at their organizations for sanctioned cloud applications. The most common responses were file sharing controls, data leakage prevention policies, and IP address controls to force corporate network access (56%, 50% and 40% respectively), the study shows. Forty percent also reported that they used cloud encryption, 39 percent reported differentiated access controls for managed vs unmanaged devices, and 32 percent utilize user behavior analytics and suspicious activity detection. Thirteen percent reported that they had no such security policies in place.

Some 55% of security professionals said cloud app vendors shouldn’t be forced to cooperate with government and law enforcement investigation by providing access to encrypted cloud data. Some 35% reported that they should.

Cloud Security Alliance and Bitglass conducted a survey of 176 IT security leaders.

Gartner recently predicted that the cloud will most commonly be used in a hybrid manner by 2020, according to a report cited by Business Insights, emphasizing that operating entirely off the cloud will largely disappear by the end of the decade.

Cloud adoption and the widespread use of hybrid infrastructures will bring unknown security challenges that CIOs have to prevent by adopting breakthrough technologies able to fight zero-day exploits, Advanced Persistent Threats, and other devastating types of cybercrime.

"Information security teams and infrastructure must adapt to support emerging digital business requirements, and simultaneously deal with the increasingly advanced threat environment," said Neil MacDonald, vice president and Gartner Fellow Emeritus, as cited by Business Insights. "Security and risk leaders need to fully engage with the latest technology trends if they are to define, achieve and maintain effective security and risk management programs that simultaneously enable digital business opportunities and manage risk."

Bitdefender has solved the technical challenges of creating a solution to the root problem, giving datacenter owners the ability to know what they don’t know, and act on information from below the operating system. It is the only security company that provides security at the ring-1 level.

 continuous sec