Can you protect your data when it’s no longer inside your network?

A businessman inside smart phone with a loud speaker shouting to another man [Attention, noise]
alashi / Getty Images

As if bring your own device (BYOD) trends hadn’t created enough grief for data-security managers, widespread decentralisation of data in the cloud is proving to be an even bigger problem – with usage surging and a new study finding that 52 percent of companies are using cloud services that have had user data stolen in a breach.

Fully 83 percent of the more than 350 Asia-Pacific companies surveyed in McAfee’s Enterprise Supernova report – ahead of the 79 percent global figure – said they are storing sensitive data in public cloud services.

Companies were using an average of 41 approved cloud services per company – up a third from last year – and 84 percent said they were allowing employees to access data from those services on their personal devices, including 30 percent that had had sensitive data downloaded to such a device.

Proactive measures to protect cloud-stored data were also lacking: despite the fact that fully 26 percent of files stored in the cloud contain sensitive data – up 23 percent compared with the previous year – this data is left unencrypted at the 91 percent of cloud services that don’t use encryption.

Such dramatic changes in data flows had created new risks around data protection and governance: while 86 percent of APAC companies understand they need to secure data in the cloud, fully 35 percent said they don’t have staff with the know-how to actually do so.

“As organisations around Australia quickly move toward cloud environments, data is no longer tied to enterprise networks,” said Joel Camissar, Asia-Pacific regional director for MVISION Cloud with McAfee.

“The dispersion of data fragments visibility and control, hereby, opening doors to security vulnerabilities,” he continued. “While it is expected that cloud providers have measures in place to keep data secure, cloud security is a shared responsibility and organisations need to keep at top of mind that they have a role in the security paradigm.”

Western Australian bank P&N is among the latest organisations to be reminded of the importance of better understanding data flows, with investigators called in after a 12 December data breach compromised a large volume of personal data from the bank’s customer relationship management system during a server upgrade.

The server was hosted at a third party hosting provider, the bank explained in a stark reminder of the importance of extending robust data-protection structures onto any platform where personal data is held.

This incident, and other breaches like it, have become old news as the distribution of data outpaces companies’ ability to contain and protect it.

“Organisations need to be more proactive in mitigating risks involved in adopting the cloud by realising the shared responsibility model and implementing internal security measures built in the cloud for the cloud,” Camissar said.

“An in-depth understanding of where data goes, and how risks have evolved with the advancement of cloud infrastructure, will help inform an appropriate cloud native security framework.”

Related:

Copyright © 2020 IDG Communications, Inc.

What is security's role in digital transformation?