Almost all companies using the cloud experience data breaches. Just about all companies (98%) have had a data breach in the past 18 months. Two-thirds even had three or more of these incidents. This is according to a study by Ermetic, a cloud infrastructure security platform.
Last Wednesday, the cloud security company released a report on the state of cybersecurity in the United States. The companies that have been researched fall within the following sectors:
- Banking sector (13%)
- Healthcare (11%)
- Pharmacists (12%)
- Construction sector (11%)
- Retail (11%)
- Software development (11%)
- Other sectors (31%)
The problem in cloud security
Nearly two-thirds of chief information security officers (CISOs) say there is a lack of visibility in the cloud infrastructure. In addition, they say that giving access is inadequate.
“Despite nearly 70% of companies spending more than 25 hours a week on cloud identity management, the survey shows that 83% had at least one access-related cloud data breach,” said Shai Morag, CEO of Ermetic. Cloud identity management is the control over who has and who does not have access to certain files and information.
An effective cloud infrastructure security system must focus on identities, access and privileges to truly protect against cybersecurity risks. Many companies use commercial – or even free – cloud systems to ensure their security. However, these systems do not always provide enough insight.
Most organizations want to do it right
Most of the CISOs surveyed (92%) indicated that their organization tried to establish the least privilege but failed. The least privilege is a method that is strict in what privileges users, programs, and processes are given. As a result, users only see the information they need. By limiting access to all information, you limit the chance of data leakage.
While most companies have tried to implement this method, most have failed. Half of the larger organizations say they find implementation difficult and time-consuming. They lacked staff or expertise or used multiple cloud programs.
How organizations can improve their cloud security
In addition to implementing the least privileged method, there are other steps companies can take to work securely in the cloud.
It starts with using strong passwords and limited access. A second important step is to only work with secure and reliable cloud systems. For example, make sure that the provider is accredited with certificates such as ISO 27001 and that it does not have any strange ‘small print’ in the contract. More tips for choosing a good cloud service can be found at cloudindustryforum.org.
It helps to have a strict policy about cloud usage. Ermetic’s research shows that policy is now fragmented. By making decisions at different levels, information flows through different people. As said before, more people with access means more chance of problems.
Catch up on more articles here
Follow us on Twitter here