Cloud Security Concerns Cause Many to Consider ‘Unclouding’
Data security concerns have prompted many organizations that store customer personally identifiable information (PII) in the cloud to consider moving it back on premises.
That’s according to the 2019 Netwrix Cloud Data Security Report. The annual report is based on feedback from nearly 750 organizations that use private and public cloud services to store their data.
Some 46% of organizations are considering moving PII back on premises. Of the half that store customer data in the cloud, 39% had security incidents in the past year and more than half of those couldn’t diagnose the problem.
Ken Tripp, Netwrix‘s director of channel accounts, tells us small businesses extensively are using cloud storage and are leaders in implementing a cloud-first strategy.
“To support SMBs that rely on the cloud, MSSPs should provide them with affordable packages for cloud security,” he said. “These packages should include, but are not limited to: data discovery and classification functionality, as the study’s results prove that knowing your data decreases security risks to it; auditing capabilities to understand what happens around sensitive content and detect issues at early stage; [and] data loss prevention (DLP) and cloud access security broker (CASB) solutions for stronger protection.”
Second, cybersecurity providers should offer their customers optional compliance services for the cloud, Tripp said. With today’s data privacy laws, there are many businesses that are new to compliance and the demand for affordable and reliable compliance services will grow, he said.
“Finally, MSSPs and other cybersecurity providers should consider offering cloud consulting,” he said. “The survey’s results demonstrate that a considerable number of organizations failed to reach their goals for the cloud migration, such as data security and cost reduction. It means that organizations need professional guidance before and after cloud migration to ensure that they don’t lose the focus on core goals.”
Other findings revealed by the report include:
- One-half (50%) of respondents store PII of customers and employees in the cloud, but far fewer are willing to store their financial data and intellectual property (IP) there (26% and 16% respectively).
- Three-quarters (75%) of organizations that store customer PII in the cloud, but do not classify all their data, experienced a security incident.
- Thirty-one percent of respondents consider business users to be the major security threat, while 16% think members of the IT team are a security risk.
- One-third (33%) of respondents that store all their sensitive data in the cloud had security incidents during the preceding 12 months.
- Compared to 2018, the share of accidental errors has increased by 14% and the share of malware attacks has increased by 11%, while the share of external attacks has decreased by 20%.
- Respondents plan to strengthen their cloud data security with encryption, monitoring of user activity and employee training, but 55% are having to manage with the same cloud security budget as last year.
“The finding that gave us an unpleasant surprise is that the ability of organizations to identify the actors responsible for incidents has diminished significantly — 36% of respondents were not able to determine who caused a security incident, as opposed to 6% in 2018,” Tripp said. “This is quite disturbing and demonstrates that organizations …