This week the cybersecurity company McAfee released the Cloud Adoption and Risk Report which analyzes anonymized cloud use to report on the current state on cloud development and risks surrounding it.
The report found that companies experience an average of 2200 misconfiguration incidents per month in their infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) instances. Their findings demonstrate that:
“Twenty-two percent of cloud users share files externally, up 21 percent YoY Sharing sensitive data with an open, publicly accessible link, has increased by 23 percent YoY Sensitive data sent to a personal email address also increased by 12 percent YoY”.
Any data breach happening as a result of cloud misconfiguration will be the responsibility of the organization. Also, the study finds that most incidents in the cloud are due to insider threats and compromised accounts.
Furthermore, the reports revealed that about 25% of the data on the cloud can be qualified as sensitive data. This fact, coupled with the high use of cloud and the great number of misconfiguration incidents that happen each month, raises the alarm as to the risks posed by the cloud. The General Data Protection Regulation, along with newer data protection laws, such as the California Consumer Privacy Act, have stricter requirements with regards to processing and securing sensitive data. All of this proves once more the increased need for security and data protection across all systems.
The study also reminds companies that they are responsible for securing the data they upload on the cloud and they should not base themselves on the idea that bigger companies like AWS or Google are already compliant with data protection laws. Their compliance does not mean that companies themselves don’t have to take any steps to protect data they upload on the cloud. As a result, McAfee recommends that companies continuously monitor and audit their AWS, Azure, and other cloud platforms.