The adoption of public cloud applications continues to accelerate at an exponential rate for both organizations and individuals, as evidenced by the massive growth in the volume of accounts, files, collaboration, and connected third-party cloud applications. In fact, the volume of files stored in public cloud applications per organization ballooned to 1.2 million in 2015, a 10x increase from 2014.
Adopting cloud technologies affords organizations a wide range of benefits, including dramatic reductions in total cost of ownership, increased flexibility and scalability, the transition from capital expenditure to operational expenditure, and a substantial boost to employee capabilities.
Meanwhile, the volume of sensitive corporate data in public cloud applications is growing, with organizations storing 100,000 sensitive files in cloud platforms on average. Forrester Research further explains:
“Sensitive data is moving to the cloud, beyond the protection of your perimeter controls. … As this occurs, the amount of data, and, most importantly, the amount of sensitive or ‘toxic’ data the enterprise stores in these software-as-a-service (SaaS) and infrastructure-as-a-service (IaaS) platforms is increasing by the day – and regardless of its locations, S&R pros still need to protect it effectively.” – Forrester Research (2015, March). Market Overview: Cloud Data Protection Solutions
How great is the cyber risk in the cloud? According to a recent CloudLock report entitled “Cloud Cybersecurity Report: The Extended Perimeter,” it might be greater than you think.
Key Cloud Facts and Cybersecurity Risks
Five reasons your organization should take cloud security very seriously, as identified by CloudLock:
Loads of Sensitive Information
Fact: Organizations have an average of 100,000 files that contain sensitive information stored within public cloud applications.
The Cybersecurity Risk: Public cloud applications enhance users’ ability to create, access, and distribute information – ranging from information governed by compliance regulations, such as payment card information, health records, and consumer financial information, to proprietary confidential information, such as intellectual property, customer lists, and product roadmap items. Consequences of leaked sensitive information include financial penalties, reputational damage, and loss of competitive edge in the marketplace.
Fact: As many as one in four employees, knowingly or not, violate corporate data security policy in public cloud applications.
The Cybersecurity Risk: Security policies tend to focus on two key areas: the type of sensitive content and the exposure of sensitive content. This means that one in four users are opening their organization up to potential data security and cybersecurity concerns in the form of inappropriate data storage or excessively accessible critical data assets.
Fact: On average, each organization has a staggering 4,000 instances of exposed credentials.
The Cybersecurity Risk: These usernames and passwords were accessible across the entire company, externally, or, in the most severe cases, publicly – a cybersecurity threat waiting to happen.
Fact: More than 45,000 installs of third-party cloud applications by privileged users were discovered by CloudLock.
The Cybersecurity Risk: Since privileged users are often super administrators with an extensive access scope, they represent a heightened cybersecurity risk and, as such, no third-party applications should be connected to these accounts. The excessive access scope of many third-party cloud applications becomes problematic if the application is compromised or malicious by design, or if it is simply externalizing sensitive information unbeknownst to end users.
Fact: 24,000 files per organization are publicly accessible, i.e. they are indexable by search engines, creating another risk vector.
The Cybersecurity Risk: These files may contain sensitive data or, as with the average of 4,000 exposed files per organization that contain credentials, prove to be valuable payloads for cyber criminals.