Skyhigh Security has released The Data Dilemma: Cloud Adoption and Risk Report, focusing on the prevailing problem of how to protect data that is used, shared and stored in today’s hybrid and cloud-first enterprise environments.
The report finds that, on average, organisations store 61% of their sensitive data in the cloud and most have experienced at least one cybersecurity breach (90%), threat (89%) and/or theft of data (80%), with three-quarters (75%) experiencing all three. Overall, the report underscores the need to address data security gaps by investing in comprehensive data protection that provides remote workforces with a secure and productive user experience.
Cloud adoption accelerates rapidly
Public cloud usage has jumped in the past several years, partly as a result of the pandemic, which forced most businesses to shift to a work-from-home or hybrid model. As the report points out, from 2019 to 2022, the use of public cloud services increased to approximately 50% among survey participants. For example, 41% of organisations are using Software-as-a-Service (SaaS) application Microsoft 365 for email and/or file storage.
Organisations lack confidence in data protection efforts by cloud providers
While the cloud has many advantages and supports greater agility and collaboration, the report demonstrates that organizations are well aware they need better visibility into and more consistent control over where their data is going.
Of those that use SaaS, 28% of organisations report advanced threats and attacks against their cloud application providers – compared to 23% in 2019 – and 23% say they are unable to prevent malicious insider theft or misuse of data, up from 17% in 2019.
Overall, 37% of organisations lack trust in the public cloud to keep their sensitive data secure. This is equally, if not more concerning, in the private cloud. The report indicates that 26% (compared to only 9% in 2019) of organisations do not trust private cloud providers with their data and the percentage of those experiencing challenges related to a private cloud increased 15% since 2019.
Personal device usage and Shadow IT multiply data risk
Adding to increased malicious activity in the cloud and a lack of confidence in providers’ ability to adequately protect data, organisations worry about the proliferation of personal devices at work. Six out of 10 organizations permit employees to download sensitive data to personal devices, which further increases risk. Shadow IT – whereby employees commission cloud services without IT approval or involvement – is another area that continues to worry survey respondents. There has been a 25% increase in the number of organisations that say Shadow IT is undermining their ability to keep data secure – up from 50% in 2019 to 75% in 2022.