The cloud is no longer a mystery to businesses today, which uses its benefits to drive growth, but securing data, applications and cloud infrastructure remain a challenge.
With the latest, McAfee researchers’ survey companies worldwide combined their data with information from billions of anonymous cloud events through their website. Most cloud users reported accelerated activity and reported benefiting from improved security. However, a closer look at the numbers shows the need to better control information and applications in the cloud.
Only a few respondents said they could audit infrastructure-as-a- services (IaaS), such as open access to storage warehouses. One-third shows that you can control application collaboration settings. A little more (30%) can implement Data Loss Prevention (DLP) in the cloud, and around an equal number of companies in Cloud Access Security are likely to launch new products.
Two years ago, security was the biggest obstacle to cloud adoption, because companies were reluctant to share data with their suppliers. Now, with reduced security and business decisions are driven by vendors to accelerate the transition to the cloud, they become accustomed to these changes, but they do not realize that cloud providers do not cover all security. On the one hand, they are still responsible.
As the researchers say, the only security element that cloud providers cannot protect for their clients is the way their services are actually used, especially the data stored in the service, shared externally and accessible from various devices and locations. For example, suppose a confidential data is stored in Google docs is shared with the client, but you cannot hold Google responsible.
It should be noted that 60% do not know how their employees place confidential files on their mobile phone or laptops. Only 40% of respondents can control access to data in the cloud for their personal devices. The researchers found that 30% applied the same DLP strategy for employee devices, corporate networks, and cloud.
The first thing is that companies need to know where the data is located. Companies must know what data must be protected, where they go and who can access it according to compliance requirements.
A third of respondents said they could find and solve problems related to ghost computing, but Viarengo said that the company had taken steps to solve this problem and formally sanctioned applications and services in the cloud. According to researchers, only 10% of confidential business data is stored in unauthorized applications, and that the overall risk of exposure of confidential data through shadow computing has decreased.
According to report on Dark Reading regarding, where the confidential data is stored?
By protecting data in the cloud, researchers recommend starting with an application that contains most of the confidential information and reduces it. Whether the company has used this application or plans to launch it, can help maximize risk mitigation.