I’ve seen the strides made in cloud security over the years, but a couple of new studies show that there is still a long way to go.
The study from Netskope found that sensitive data stored in the cloud has a one in five chance of being exposed. Okay, the flip side to that is a four out of five chance that your sensitive data won’t be exposed, but when you are dealing with health information, Social Security numbers, and other data that could result in identity theft for unsuspecting consumers, that number isn’t good enough – at least not for those who are still wary about migrating to the cloud.
The primary culprit of data loss is cloud storage apps, where 90 percent of all data loss prevention violations occurred. This result was a surprise, Sanjay Beri, Netskope's CEO and founder, told eSecurity Planet:
"We expected both of these numbers to be lower, especially as IT and users become educated about cloud risks," he said. "This happens because users who are uploading files to cloud storage apps are just trying to get their jobs done as quickly and efficiently as possible, so they aren’t necessarily thinking about the security implications of uploading content and sharing it with internal and external collaborators."
The second study also looked at the security of data stored in cloud apps, in particular shadow data. In its Q2 2015 Shadow Data Report, Elastica revealed serious risks of data storage in cloud apps, both in approved apps and in shadow apps. As Dark Reading reported:
Elastica found millions of files exposed on the cloud to either compliance violations, intellectual property leaks, or other kinds of risk. When examining across organizations and compared with breach cost estimates, Elastica estimated that the average total economic impact of cloud exposures per business would equal $13.85 million.
Like the Netskope study, the Elastica study warned of the increasing risks to health care data, adding that this type of information is leading the way with the most policy violations. Health care records are the hottest commodity on the black market right now. For that reason, Gerry Grealish, CMO at Perspecsys, told me in an email, the health care industry needs to be more aware of the risks. The positive here, he added, is that the industry is beginning to take action:
Health care companies, medical device manufacturers and pharmaceutical makers are big adopters of Cloud Access Security Broker (CASB) technologies. Gartner predicts these solutions, which help protect enterprise data in the cloud, will become an essential component of SaaS cloud deployments by 2017, precisely because of the sorts of threats and risks highlighted in the report.
Grealish also told me that other industries are doing more to mitigate the risk of data compromised in cloud apps. It’s an encouraging step, but until cloud apps do more to improve data loss prevention violations, wouldn’t it make more sense for companies to be more selective about the sensitive data stored in the cloud?
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba