Cloud services are now a vital part of corporate life, bringing a momentous opportunity to accelerate business through their ability to quickly scale, allowing us to be agile with our resources, and providing new opportunities for collaboration. The typical organization uses, on average, 1,935 cloud services spanning enterprise-ready services procured by the IT department such as Office 365 to far lesser known and riskier services such as Mega. As such, sensitive data inevitable makes its way to the cloud, with 21% of all files in the cloud containing some form of sensitive content.
Our latest Cloud Adoption & Risk Report (download a copy here) examines the cloud usage of over 30 million users at companies spanning all major industries worldwide who use MVISION Cloud. Across more than 25,000 cloud services, each organization generates in excess of 3 billion events each month including logins, uploads, edits, shares, deletes, etc.
Here are 5 of the most interesting findings from the report.
21% of files in the cloud contain sensitive data
The most common type of sensitive content found in the cloud is confidential data (e.g. financial records, business plans, source code, trading algorithms, etc.). Sensitive data uploaded to the cloud, in and of itself, is not necessarily a bad thing, but we’ve found that data can be placed at risk if it’s misused internally or shared externally outside of policy.
Sharing sensitive data with an open, public link has increased 23% over the past two years
One of the core tenets of cloud is enabling seamless collaboration and file-sharing. We are increasingly seeing organizations share files/folders through generating links within a cloud service that point to a file/folder. The problem with this approach is that these types of shared links and their underlying files/folders can be accessed by anyone who has the link. This means once a link is shared, there is little in the way of stopping the recipient of that link from forwarding it to others, thereby significantly increasing the risk of data loss. Moreover, it’s incredibly hard for IT security teams to track how many openly shared links exist and whether they have been shared with unauthorized parties. Compounding this problem is the fact that 21% of data in the cloud is sensitive, so it’s highly likely that a substantial percent of those openly shared links point to files/folders containing sensitive data.
The average organization has 2,200 individual IaaS misconfiguration incidents in the cloud
The rapid adoption of cloud services hasn’t stopped at SaaS services such Office 365, Box, or Salesforce. Amazon Web Services (AWS) has been not-so-quietly driving the transformation of server and data center infrastructure into cloud-based services, classified as Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS – think serverless computing like AWS Lambda). Today, 65% of organizations around the world use some form of IaaS, 52% for PaaS. However, the individual services that customers can utilize in IaaS platforms come with deep and often complicated security configuration settings. Not surprisingly, we see that the average organization has a whopping 2,200 IaaS misconfiguration incidents per month. These include things such as not having EBS encryption turned off or misconfiguring EC2 security group ports that may allow unrestricted inbound access.
The average organization experiences 12.2 compromised account threats in the cloud per month
On average, organizations experience 12.2 incidents each month in which an unauthorized third-party exploits stolen account credentials to gain access to corporate data stored in a cloud service. These incidents affect 80.3% of organizations at least once a month. Additionally, 92% of companies have cloud credentials for sale on the Dark Web.
Cloud usage grew 15% from last year, reaching an all time high
The average organization now uses 1,935 cloud apps, an increase of 15% over last year. Broken down by service type, enterprise applications (e.g. Office 365, Salesforce, etc.) account for 70% of cloud services in use by the average company, while cloud apps intended for consumers (such as Facebook or Pinterest) represent the other 30%.
Although new cloud applications are being introduced by employees every year, the growth rate in the number of cloud services has slowed down significantly, from a peak of 43% in 2014, to 15% in 2018.