Woburn, MA – December 18, 2017 – According to new research from Kaspersky Lab, 35 percent of businesses admit that they are unsure if certain pieces of corporate information are stored on company servers or on those of their cloud providers. Businesses are rapidly adopting cloud-based services to leverage cost savings, but the new report shows that this is leaving them unable to safeguard and account for business data, which puts them at risk to the effects of a potential third-party data breach.
Cloud services are enabling companies to take advantage of key technologies to support day-to-day operations and growth plans – without having to worry about maintenance or a hefty price tag. Therefore, it’s no surprise that 78 percent of businesses are already using at least one Software-as-a-Service (SaaS) based platform, and nearly the same amount (75%) are also planning to move more applications to the cloud in the future. When it comes to Infrastructure as a service (IaaS), nearly half (49%) of enterprises and 45 percent of SMBs are looking to outsource IT infrastructure and processes to third-parties.
However, the adoption of cloud services is also making it extremely hard for organizations to achieve a well-defined security strategy, since the uncertainty around who is responsible for the security of corporate sensitive data in the cloud becomes a challenge. Our research found that seven out of 10 (70%) businesses using SaaS and cloud service providers have no clear plan in place to deal with security incidents which could affect their partners. A quarter (24%) admit to not even checking the compliance credentials of their service provider – suggesting an assumption that they will pick up the pieces if something goes wrong.
However, with a quarter (24%) of businesses having experienced a security incident affecting the IT infrastructure hosted by a third-party over the past year – and 47% of those affected suffering data loss, leakage or exposure as a result of the third-party cloud infrastructure breach – a reliance on cloud providers alone to protect sensitive corporate data is a risky strategy.
The lack of planning and accountability of sensitive data by cloud adopters could have serious consequences for businesses, with enterprises suffering an average $1.2M financial impact as the result of a cloud-related security incident, compared to $100,000 for SMBs. Where data has been compromised as the result of a third-party incident, the top three types of data to be affected were:
Businesses need to find a better way to control and protect their sensitive corporate data. To do so, companies need spotting anomalies within their cloud infrastructures, which can only be achieved through a combination of techniques including machine learning and behavioral analytics. The ability to identify and defend against unknown threats is absolutely fundamental to cloud infrastructure security. In addition, enabling visibility of the cloud ecosystem and its cybersecurity layer will give businesses a clear view on where data resides and if it’s current protection status meets corporate security policies.
“Today, businesses are leveraging cloud infrastructures more than ever because of the efficiency and flexibility to the organization, but this digital business transformation is presenting new questions around where data resides and how it’s being secured,” said Rob Cataldo, vice president of enterprise sales at Kaspersky Lab North America. “When making the critical decision of which third-party providers to work with, businesses not only need to reevaluate their own cloud security posture, but they also need to have a discussion with third-party providers about their cybersecurity policies and treat the relationship as a business risk that needs to be continuously managed.”
To explore more about cloud security trends, read the full survey report at https://www.kaspersky.com/blog/cloud-zoo/.
To learn more about how our products can help businesses secure their cloud data, please visit https://www.kaspersky.com/enterprise-security/cloud-security.