Businesses today rely heavily on the cloud to grow faster and scale up when needed. All this leads to more incidents and security risks when storing data in the cloud or using cloud services, according to recent research by security specialist McAfee.
In its recent Cloud Adoption and Risk Report, security experts have found that cloud services are incredibly popular with companies. Not only for storing data, but also for purchasing all kinds of SaaS, IaaS and PaaS services. With this, companies hope to be able to make rapid progress with their digital development and at the same time serve their customers as well as possible.
The increased popularity of cloud services is increasingly leading to the storage of sensitive information in these environments. More than a quarter of all stored data, according to the study. It is clear that this data must not fall into the wrong hands. However, companies are responsible for the security of this data, wherever it is located. Cloud providers only look at the security of their own environments and not at customers’ data stored within them.
Sources of possible security breaches
So companies run risks and have to do something about it, says McAfee. The seriousness of these risks is evidenced by the fact that much of the information stored in cloud environments is shared by employees with each other and with third parties. It is intended to promote cooperation, but it also leads to security risks such as uncontrolled sharing and, as a result, the unforeseen disclosure of sensitive information.
The use of various SaaS, IaaS and PaaS services also creates increased risks. As a result, end users will have more responsibility for their own security. Not only for data, but also for matters such as identity and access control, applications, network management and the host infrastructure. The various providers of these types of cloud services, such as AWS, Azure or Google Cloud Platform, often use their own complex security methods.
This is reinforced by the fact that companies often purchase these services from different suppliers and run several versions of different products. As a result, end users will no longer be able to see the wood for all the (security) trees. This increases the risk of configuration errors, according to the study. These faults can potentially lead to safety risks.
There are also internal threats, such as hacked employee accounts. These threats also appear to be on the increase, according to the report.
A lot to do for companies
So there is a lot of work to be done and McAfee comes up with some tips. To store and share data securely, it is important to know what cloud services they use, where the sensitive data is located and how and with whom it is shared. Only then can they choose the right security approach and draw up guidelines.
To ensure good security of SaaS, IaaS and PaaS services, the specialists advise the various providers of these services to continuously assess their security policies. They also have to secure the data stored on these platforms themselves.
Finally, to combat internal threats, companies need to know exactly how cloud services are being used and to check more often for deviant behaviour.
Deployment Cloud Access Security Brokers
In order to make all this possible, the researchers advocated the use of so-called Cloud Access Security Brokers. These are cloud native services that facilitate security, compliance and policy options for cloud services. This allows companies to deploy their current security policies and expand them with new cloud native capabilities. Only then can companies properly protect their data and arm themselves against threats in the entire SaaS, IaaS and PaaS landscape, says McAfee.This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.