In 2020, many organizations quickly adopted cloud technologies to support the sudden shift to remote work. But how has this impacted perceptions around cloud security? According to the annual Netwrix Cloud Data Security Report, which surveyed 937 IT professionals worldwide, confidence in cloud security is diminishing. In fact, only 46% of respondents said they store non-sensitive data in the cloud, compared to 57% in 2019, and those storing customer data in the cloud dropped from 50% to 44%.
What’s even worse, 62% of organizations reported they will be removing sensitive data from the cloud, or have already done so, in order to improve data security. This number is up from 48% in 2019.
Why the diminishing confidence in cloud-stored data? The number of security incidents in the cloud in the past year is a key contributor. Among the top three incident types companies have faced in the cloud this past year were phishing (40%), ransomware (24%), and accidental data leakage (17%).
For companies that want to continue to realize the benefits of the cloud for greater application and storage economies and access, what can be done to shore up security concerns? Consider these four key recommendations to optimize the security of cloud-stored data, both sensitive and not.
Continuously audit user activity and classify data to speed incident detection.
The overwhelming majority of respondents that audit user activity and classify their data were able to detect incidents in minutes or hours, while the other organizations needed days, weeks, or months. Indeed, having broad visibility into what data the organization stores and what is happening around it not only speeds issue detection but enables organizations to find and fix security gaps before they suffer a breach.
Automate or delegate to do more with less.
The top three challenges for most organizations when it comes to securing data in the cloud are lack of staff, financial resources, and expertise. These hardships force security teams to operate in a reactive rather than proactive mode, which means there is a greater risk of experiencing incidents and being unable to detect and respond to them promptly. Even though businesses are relying on IT much more in the wake of the pandemic and stay-at-home orders, most IT teams didn’t have their security budget increased. As a result, they need to juggle ever-limited resources to pull the company through a more sophisticated threat landscape, so we will keep living in the “new day, new breach” reality. To overcome the challenge of limited resources, organizations should consider outsourcing IT tasks to managed security service providers (MSSPs) or invest in tools that automate routine IT tasks.
Beware of supply chain attacks.
Incidents that included supply chain compromise had the most impact on organizations; they were more likely to result in compliance fines, a decrease in new sales, changes in senior leadership, and lawsuits than any other incident types. To avoid these consequences, organizations need to pay attention to the less-secure elements in their supply network. Proven security best practices to mitigate these risks include network segmentation, continuous auditing for malicious activity across the environment, and alerting to suspicious actions. Be sure to ask partners to prove that they take all necessary security measures, such as third-party audits or confirmation of usage of certain security services and/or tools. Liability can also be limited by contracting with partners to make them accountable in the event that they experience a data breach.
Think business when assessing security risks.
To drive adaptive security and ensure adequate attention to real risks, IT professionals should identify potential threats and vulnerabilities to determine the consequences they pose. Data shows that it is of critical importance to look beyond classic consequences, such as unplanned expenses or compliance fines. Certain types of threats (e.g., supply chain compromise and data theft) can have far more severe outcomes that affect the company’s financial well-being and have a negative impact on valuation or churn rates. As a result, when assessing security risks, security leaders should include the long-term consequences of data breaches on the business as a whole.
Storing data in the cloud doesn’t have to be a risky proposition. By taking clear steps to protect data, no matter where it’s stored, you can still benefit from the value of scale, efficiency, and access without apprehension.