Cloud storage is so convenient it’s not even funny. You have the potential to access all your files wherever there is an internet connection, and to people who were working with file-sharing and vast amounts of data 10 years ago, it might have sounded like some kind of mild superpower.
However, as a famous fictional character with superpowers often says, “with great power comes great responsibility”. But what if we told you that businesses around the globe are currently enjoying all of the power of the cloud, while bearing none of the responsibility?
The Ponemon Institute is back with another alarming study, this time focusing on the extreme vulnerabilities surrounding Cloud storage. For starters, IT professionals who took part in the global study estimate that 33% of their organizations IT and data processing needs are met by cloud resources, but 70% of them believe more has to be done to protect sensitive information on the cloud.
Views are mixed on who is actually responsible for protecting sensitive data on the cloud; it’s an almost perfect 3-way split between the cloud provider, the cloud user, and shared responsibility.
We’ve had a personal encounter with a popular cloud service provider that further confirms the fact. Around 18 months ago, one of our team members had a conversation with a senior engineer at a popular cloud support provider. We asked them what they were doing about PCI compliance and who bears the responsibility of storing files that contain sensitive data. Their response was simple – “we’ve outlined in our terms and conditions that you shouldn’t be using our service to store sensitive information.” The problem with this is- how many people actually read their terms and conditions, and are aware of the risks?
This position from cloud providers is common, however it’s one that won’t hold up in the event of a compromise – the cloud provider’s brand and legal people will ultimately be pulled into the mess, regardless of what terms and conditions are stated on their website.
The Ponemon study also covers the threat shadow IT poses to cloud security. For the uninitiated, shadow IT is a term for IT systems and solutions built and used inside organizations without organizational approval. Currently, an average of 44% of corporate data is reportedly being stored this way, which is a big problem.
To further drive home the fact of how big a deal this is, 55% of IT professionals surveyed revealed that they are not confident they know all the cloud services used within their companies. How are IT security experts supposed to protect a company’s data if they don’t even know where all of it is?
You may read up on the full study here, but if you’re just looking for the highlights, here are the headliners:
- 71% of respondents say it is more difficult to protect sensitive data in cloud computing environments using conventional security.
- Only 38% said their organizations have clearly defined roles and accountability for safeguarding confidential or sensitive information in the cloud.
- Only about 30% of companies actually use encryption to secure sensitive data in the cloud.
So let’s do a roundup- A third of all data is on the cloud, but it’s all mostly unencrypted, assuming they even know where all of the data is.
We had a round table discussion on how this whole mess can be rectified and came to the conclusion that the key phrase here is structure. Because cloud technology is relatively new, many companies have yet to implement regulations for the safe storage of data on the cloud. Such regulations can include what can and can’t be stored, what requires encryption, and the accurate logging of where information is being stored.
But as French people from the 1700s probably know best, revolution does not come easy. While IT security departments have the technical know-how, they are helpless without the backing of company CEOs, who have the power and the responsibility to implement tighter guidelines for cloud storage usage. For the CEOs reading this who are still on the fence over whether to start a cloud security revolution, remember this: if any heads are going to roll for a data breach, the guillotine chops from top-down.
Morbid jokes aside, some proper encryption guidance and acceptable use cases for cloud data storage is something every organisation should take seriously. The most difficult aspect of the whole procedure is, of course, training staff to comply, and making sure that they actually do. This survey reveals that 93 percent of employees surveyed knowingly violate policies designed to prevent data breaches. Again, the burden of responsibility falls on company CEOs, who must make known how important it is that every aspect of data security, not just cloud storage, must be taken seriously by every single company staff member.
Back on the topic of safe cloud storage, Ground Labs’ Card Recon and Data Recon software tools can currently scan on Google and Amazon cloud storage locations, and will shortly offer capabilities for Dropbox, OneDrive (Office 365 online storage), Box and Azure. These tools offer a truth-revealing approach for IT security experts looking to find sensitive data on cloud platforms that are typically used by non-IT staff, and find data that the staff themselves might not even be aware they are storing illegally.
Both products are available to try for free and it takes less than a minute to activate. You can find more information about them on the Ground Labs website, including the vast number of storage locations they can search for over 95 types of sensitive data, such as health records and credit card numbers.
At any rate, a free scan of your cloud storage facilities is bound to be a better start to revealing your cloud risks vs searching each file on every cloud storage location manually.
Download your free cloud scanning software today.