Changing the Status Quo of Cloud Security
Skyhigh Security’s The Data Dilemma report underscores major paradigm shifts in cloud adoption and risk.
By Rodman Ramezanian, Global Cloud Threat Lead, Skyhigh Security
Over the last few years, the ongoing cybersecurity transformations impacting organizations across the globe have shaken up the status quo of how data is managed and protected. Cloud adoption has risen astronomically, as seen in Skyhigh Security’s The Data Dilemma: Cloud Adoption and Risk Report, with the use of public cloud services increasing 50% from 2019 to 2022. Driven by the pandemic and the adoption of work-from-home and hybrid models, there has become a crucial need for organizations to be able to access data from anywhere. Businesses can often accelerate their goals at a lower cost by relying on the cloud for data storage and access. However, this also means data is no longer on just endpoints – it’s everywhere.
In the wake of this paradigm shift, it’s become clear that traditional security measures are no longer enough to protect data. With cloud services replacing many applications formerly run on-premises, more organizations are storing sensitive data in the public cloud – 61% on average. This data, ranging from personal staff information to intellectual property and network passwords, can easily damage a company’s reputation and its ability to function if it lands in the wrong hands. As organizations continue to face a myriad of security issues during this transition to the cloud, threat actors wait in the shadows to capitalize on the growing data exposure.
Without visibility, data loss prevention is nearly impossible.
The complexities around securing data in the cloud highlight inconsistent security controls and a lack of visibility from organizations. In fact, over half of Software-as-a-Service (SaaS) products are commissioned without direct IT involvement – meaning a lack of expertise in business decision-makers may be putting organizations at risk. This is evidenced by 75% of organizations having experienced a cybersecurity breach, threat, and/or theft of data, emphasizing the criticality of modernizing and optimizing data management and security in the cloud.
Not only do organizations need to know where data is going in order to protect it, but they also must know in order to keep it from being stolen. It’s essential that security teams have broad visibility and control over their entire cloud-native environment, but unfortunately 28% of organizations still report a lack of visibility into what data is stored in cloud applications. While Shadow IT, the use of IT systems without department oversight, has been around for some time, organizations are only now starting to see the negative impacts on data security. From 2019 to 2022, there was a 25% increase in organizations reporting that Shadow IT was impairing their ability to keep data secure – a massive shift indicating the ongoing demand for public cloud usage may be compromising existing data security systems.
Combatting distrust and risk simultaneously
As the adoption of cloud services has grown, so has internal apprehension. In particular, 37% of organizations don’t trust that the public cloud can keep their sensitive data secure. This could be explained by the never-ending onslaught of threat actors attempting to lay siege to critical data, or it could be that an increasing number of organizations allow employees to use personal devices to access data in the public cloud – six in ten, to be exact. This only compounds the risks associated with storing data in the cloud.
On the other hand, 93% of organizations say that their IT department controls what sensitive data is uploaded to the cloud from personal devices. This poses another question: do they have the correct controls in place, or are they naïve to the fact they have security gaps?
Evolving to meet the pace of cloud adoption.
Cloud security must grow at the same pace as adoption if organizations are to handle the complexities of controlling data flow. Most organizations’ data protection practices have not kept up with the increased adoption, as demonstrated by the ongoing breaches making headlines every day. Even organizations that are not hybrid or 100% remote will more than likely find themselves storing and accessing data in cloud environments. The benefits are too great to ignore – scalability, capacity, accessibility, speed – but it also brings new challenges that warrant new solutions. Securing data is more challenging than ever before, but organizations across all industries must rise to the occasion.
Over half of organizations surveyed in The Data Dilemma report plan to invest more in cybersecurity. This gives us hope that more and more organizations will set their sights on preventing data loss and adopting security measures, such as Zero Trust principles, that can break what was once the status quo of cloud security.
About the Author
Rodman Ramezanian, Global Cloud Threat Lead at Skyhigh Security, has over 11 years of extensive cybersecurity experience. Rodman specializes in the areas of Adversarial Threat Intelligence, Cyber Crime, Data Protection, and Cloud Security. He is an Australian Signals Directorate (ASD)-endorsed IRAP Assessor – currently holding CISSP, CCSP, CISA, CDPSE, Microsoft Azure, and MITRE ATT&CK CTI certifications.