Organizations face an uphill battle to keep their sensitive data secure
On average, organizations store 61% of their sensitive data in the cloud, and most have experienced at least one cybersecurity breach (90%), threat (89%) and/or theft of data (80%), with 75% experiencing all three, according to Skyhigh Security.
Overall, the report underscores the need to address data security gaps by investing in comprehensive data protection that provides remote workforces with a secure and productive user experience.
Today, data is everywhere, traversing devices, cloud applications, the web and infrastructure, so it comes as no surprise that one of the biggest challenges organizations face is securing their vital data,” said Rodman Ramezanian, global cloud threat lead, Skyhigh Security.
“The problem is compounded by the increasing use of private and public cloud services, practices like shadow IT and even economic factors. With so many variables, it begs the question: Are organizations trying to solve new problems with old methods? Our report findings reinforce the importance of a converged platform across data, web and cloud protection capabilities to cater for the needs of security teams today,” concluded Ramezanian.
Pandemic spurs public cloud adoption
Public cloud usage has jumped in the past several years, partly as a result of the pandemic, which forced most businesses to shift to a work-from-home or hybrid model.
As the report points out, from 2019 to 2022, use of public cloud services increased to approximately 50% among survey participants. For example, 41% of organizations are using Software-as-a-Service (SaaS) application Microsoft 365 for email and/or file storage.
Organizations lack trust in the public cloud to keep their sensitive data secure
While the cloud has many advantages and supports greater agility and collaboration, the report demonstrates that organizations are well aware they need better visibility into and more consistent control over where their data is going.
Of those that use SaaS, 28% of organizations report advanced threats and attacks against their cloud application providers, compared to 23% in 2019, and 23% say they are unable to prevent malicious insider theft or misuse of data, up from 17% in 2019. Overall, 37% of organizations lack trust in the public cloud to keep their sensitive data secure.
This is equally, if not more concerning, in the private cloud. The report indicates that 26% (compared to only 9% in 2019) of organizations do not trust private cloud providers with their data and the percentage of those experiencing challenges related to a private cloud increased 15% since 2019 (from 82% to 97%).
Shadow IT undermining data security
Adding to increased malicious activity in the cloud and lack of confidence in providers’ ability to adequately protect data, organizations worry about the proliferation of personal devices at work. Six out of 10 organizations permit employees to download sensitive data to personal devices, which further increases risk.
Shadow IT, whereby employees commission cloud services without IT approval or involvement, is another area that continues to worry survey respondents. There has been a 25% increase in the number of organizations that say shadow IT is undermining their ability to keep data secure – up from 50% in 2019 to 75% in 2022.
Organizations are beginning to take various measures to curb data loss and theft, but adoption is still low considering the prevalence of threats and incidents. According to the report, cloud access security broker (CASB) solutions are used by 42% of organizations, and secure web gateways (SWG) are used by 28% of organizations for added protection.
When shadow IT is discovered, 23% of organizations leverage data loss prevention (DLP) and encryption to keep data in cloud services secure. While deploying these technologies is a step in the right direction, most feel that cloud security could be simpler from an administrator’s (86%) and/or user experience (79%) perspective.