Enterprises continue to feed their clouds with increasingly sensitive information, yet according to McAfee’s latest report the security issues are building alongside this trend.
The study, titled ‘Enterprise Supernova: The Data Dispersion Cloud Adoption and Risk Report’, polled 1,000 enterprises across 11 countries, as well as logging anonymous data from 30 million enterprise cloud users.
More than a quarter (26%) of the files analysed in the cloud now contain sensitive data, a rise of 23% year over year. Yet security is yet to catch up. 91% of cloud services analysed do not encrypt data at rest, while one in five respondents said they lacked visibility into what data resides in their cloud applications.
Enterprises are utilising initiatives such as data loss protection (DLP); indeed, on average companies polled saw more than 45,000 incidents per month. Yet only a third (37%) say they are utilising DLP. Almost four in five (79%) of those polled said they allowed access to enterprise-approved cloud services from personal devices. A quarter of companies admitted they had sensitive data downloaded from the cloud to an unmanaged personal device.
This is the situation at many organisations and is, to not put too fine a point on it, a mess. “Security and risk management professionals are left with a patchwork of controls at the device, network, and cloud – with significant gaps in visibility to their data,” the report noted. “Living with these gaps and the patchwork of security born out of the network is an open invitation to breach attempts and non-compliance.”