Business must do more to limit exposure of data in the cloud

1 February 2019 Infrastructure, Information Security

Organisations should pay closer attention to security concerns associated with storing data in the cloud as configuration errors together with cloud threats pose a significant and ever-increasing risk to enterprise data, says Nompumelelo Mdima, McAfee Business Development Manager at Axiz Advanced Technologies.

Nompumelelo Mdima.
Nompumelelo Mdima.

“While cloud services offer business the advantages of scalability, business continuity, collaboration efficiency and flexibility of work practices, it is equally important to appreciate that data in the cloud is more exposed than many organisations realise,” notes Mdima.

According the most recent Cloud Adoption and Risk Report released by McAfee, nearly a quarter of the data in the cloud can be categorised as sensitive, putting an organisation at risk if it is stolen or leaked. The report also revealed that the sharing of sensitive data with an open, publicly accessible link, increased by 23% year-on-year. In addition, the average enterprise experiences more than 2200 misconfiguration incidents per month in their infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) instances.

Mdima says the data highlights the need for business to deploy cloud security solutions that span the entire cloud spectrum as cloud service providers only cover the security of the cloud itself, not customer data or customer use of their infrastructure and platforms. “It is imperative that business adopt a cloud strategy that includes data loss protection, configuration audits, and collaboration controls to properly protect their data. Not doing so also has consequences through noncompliance with internal and external regulations.”

Organisations need to first understand which cloud services are in use, which data is sensitive, and how it being stored and used as a first step to mitigating risk. “Armed with a clear and coherent overview, suitable security policies can be put in place to prohibit sensitive data from being stored in unapproved cloud services and guard against noncompliant sharing of data via email or through a publicly accessible link,” says Mdima.

The McAfee report, which analysed billions of events in anonymised cloud use, also found that most threats to data in the cloud result from compromised accounts and insider threats. “A sound security policy should also have protocols for identifying irregular behaviour, for instance when a user accesses the cloud from separate locations simultaneously, so that a comprised account can be dealt with immediately,” adds Mdima.

“In order accelerate their business, organisations should look to cloud-native and frictionless ways to defend against security threats. Proactively addressing security responsibilities before there’s an incident remains the best way mitigate risk and safeguard what is very often a company’s most valuable asset – its data.”





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

VPS hosting set to dominate in 2025
Infrastructure
SME market growth and the increasing need for a digital footprint are pushing VPS growth in South Africa, especially since it is now perceived as a viable business tool, scalable by nature, with improved performance.

Read more...
Threats, opportunities and the need for post-quantum cryptography
AI & Data Analytics Infrastructure
The opportunities offered by quantum computing are equalled by the threats this advanced computer science introduces. The evolution of quantum computing jeopardises the security of any data available in the digital space.

Read more...
Highest capacity ePMR HDDs
Infrastructure Products & Solutions
Western Digital has announced that it is now shipping the world’s highest capacity UltraSMR HDD with up to 32TB leveraging the time-tested, reliable energy-assisted PMR (ePMR) recording technology for hyperscalers, CSPs and enterprises.

Read more...
Smart surveillance and cyber resilience
Axis Communications SA Surveillance Information Security Government and Parastatal (Industry) Facilities & Building Management
South Africa’s critical infrastructure sector has to step up its game regarding cybersecurity and the evolving risk landscape. The sector has become a prime target for cybercriminals on top of physical threat actors, and the consequences of an incident can be far-reaching.

Read more...
Axis introduces ACS Edge and cloud storage
Axis Communications SA Surveillance Infrastructure Products & Solutions
Axis Communications has launched two new solutions within the AXIS Camera Station ecosystem, AXIS Camera Station Edge (ACS Edge) and AXIS Camera Station Cloud Storage (ACS Cloud Storage).

Read more...
Autonomous healing systems are the future
Infrastructure Information Security AI & Data Analytics
Autonomous healing software, an emerging technology, is gaining traction for its potential to transform how organisations manage software maintenance, security, and system performance.

Read more...
Navigating a connected, AI-driven future at SATNAC 2024
Infrastructure AI & Data Analytics IoT & Automation
The 2024 Southern Africa Telecommunication Networks and Applications Conference concluded its 26th edition with a call to harness AI to drive positive change across the continent. Moreover, students from Wits, North West and Pretoria universities won the best research paper awards.

Read more...
Cost-effective and reliable remote connectivity
Agriculture (Industry) Integrated Solutions Infrastructure
Companies that operate in hard-to-connect areas now have access to reliable connectivity due to a collaboration between MTN South Africa, Vox and Tarana technology.

Read more...
Data resilience in the age of AI
Infrastructure AI & Data Analytics
The discourse around AI has reached a fever pitch, but this ‘age of AI’ we have entered is just a chapter in a story that has been going on for years – digital transformation.

Read more...
Is cybersecurity broken?
Information Security Infrastructure
Companies are spending large amounts on cybersecurity, yet cyber threats continue to persist and thrive. Security executives are under tremendous pressure, and companies are questioning the wisdom of their security budgets.

Read more...