IT Pros Have Little Confidence in Cloud Storage Security—But Use it Anyway
A good chunk of global IT pros (26%) lack confidence in their IT team’s knowledge of how to properly use cloud storage services, despite using a large number of public and private cloud storage providers.
That’s according to a study from Blancco Technology Group, which points out that not having visibility into an organization’s use of cloud providers can lead to unauthorized access to data, improper handling and storage of data and improper data removal methods being used at various stages of data’s lifecycle. And when that happens, it could leave an organization highly exposed and vulnerable.
The research uncovered that organizations tend to use a large number of cloud storage providers: 89% of those surveyed said they use a total of one to 15 private cloud storage providers to store corporate data, and another 92% use one to 15 public cloud storage providers.
Organizations are more cavalier with customer data than with that of their employees: Over half of organizations (56%) are now storing customer data in the cloud, while half that amount (28%) are storing employee information in the cloud.
And to boot, organizations lack defined audit processes and monitoring to be compliant: 15% of IT pros says their organization rarely or never conducts audits of the cloud providers storing their data. Additionally, when selecting a provider, reputation and contract terms outweighed regulatory compliance. Yet, close to half (40%) of organizations believe storing corporate data in a cloud environment increases their compliance risk.
When it comes to risk awareness, fighting off APTs, compromised credentials and hacked interfaces are top cloud security priorities. When IT professionals were asked to rank various cloud security threats in terms of their company’s priority—specific to budgets, resources and tools—the respondents cited advanced persistent threats (APTs), compromised credentials and hacked interfaces/APIs as being top priorities.
And finally, data migration and data center decommissioning processes are fundamental to preventing data loss. But, 16% of organizations admitted that they ‘do not know’ what security precautions they would take to prevent data loss/theft when decommissioning/shutting down a cloud/virtual server.
“Whenever storing data offsite with a cloud provider, organizations must be diligent in knowing where their data is being stored, how it’s being protected and when it needs to be removed (in the case of migrating data to a new vendor or consolidating data centers, for example)," said Richard Stiennon, chief strategy officer at Blancco Technology. “A cloud compliance audit should include a review of policies and procedures that the cloud storage provider applies to your data, the technical solutions in place to protect your data and the skills of technical or business staff responsible for your data.”
Photo © VladFree
Source: Information Security Magazine