The Data Dilemma: Cloud Adoption and Risk Report, published by Skyhigh Security, focuses on the persistent issue of how to protect data that is utilised, shared, and kept in current hybrid and cloud-first organisational systems. According to the study, 61% of sensitive data stored by enterprises is kept in the cloud on average. The majority of these organisations have also encountered at least one cybersecurity breach (90%), threat (89%) and/or data theft (80%), with 75% reporting having experienced all three. The report’s overall message emphasises the importance of filling in data security gaps by spending money on complete data protection that gives remote workers a secure and effective user experience.
According to Rodman Ramezanian, global cloud threat lead, Skyhigh Security, “Data is everywhere today, spanning devices, cloud applications, the web, and infrastructure, thus it comes as no surprise that one of the largest issues enterprises face is securing their essential data.” The use of both private and public cloud services, as well as tactics like Shadow IT and even economic concerns, are all aggravating the issue. With so many variables, it raises the question of whether businesses are using outdated techniques to address contemporary issues. In order to meet the needs of security teams today, our report’s findings highlight the significance of a unified platform with data, web, and cloud protection capabilities.
Cloud adoption is quickly accelerating.
The pandemic, which compelled the majority of firms to switch to a work-from-home or hybrid strategy, is one reason why public cloud usage has increased over the past several years. The report notes that between 2019 and 2022, survey respondents’ utilisation of public cloud services rose to over 50%. For instance, 41% of businesses use Microsoft 365, a Software-as-a-Service (SaaS) solution for email and/or file storage.
Businesses lack faith in cloud service providers’ data protection measures.
The survey shows that enterprises are aware they need better visibility into and more consistent control over where their data is moving, even if the cloud offers many benefits and fosters greater agility and cooperation.
SaaS users report sophisticated threats and assaults against their cloud application providers at a rate of 28%, up from 23% in 2019, and 23% report being unable to stop hostile insider data theft or misuse, up from 17% in 2019. 37% of businesses don’t trust the public cloud to protect their sensitive data overall. In the private cloud, this is just as worrying, if not more so. According to the survey, 26% of enterprises (up from only 9% in 2019) do not trust private cloud providers with their data, and the percentage of people who are having problems with private clouds has climbed by 15% since 2019 (from 82% to 97%).
Shadow IT and personal device use increase data risk.
Organizations are concerned about the proliferation of personal devices at work, which adds to concerns about increased malicious activity in the cloud and a lack of trust in providers’ ability to adequately protect data. The risk is further increased because six out of ten companies allow employees to download sensitive information to personal devices. Another topic that worries respondents to the survey is shadow IT, which is when employees order cloud services without IT approval or involvement. Organizations that claim Shadow IT is compromising their ability to keep data secure have increased by 25%, from 50% in 2019 to 75% in 2022.
Despite the fact that organisations are starting to implement various measures to stop data loss and theft, adoption is still low. According to the report, 42% of organisations use cloud access security broker (CASB) solutions, and 28% of organisations use secure web gateways (SWG) for additional security. Data loss prevention (DLP) and encryption are used by 23% of organisations when Shadow IT is uncovered to protect data in cloud services. Although implementing these technologies is a positive step, most people (86%) and/or users (79%) believe that cloud security could be made simpler from an administrator’s and/or user experience perspective.
The study discussed in the report highlights the benefits of a Security Service Edge (SSE) solution from a single vendor that integrates multiple security services, including CASB, SWG, Zero Trust Network Access, and a Cloud-Native Application Protection Platform. According to the findings, IT decision-makers should search for an SSE solution with a single, centralised platform that streamlines cloud security and enables security teams to apply uniform data protection controls and policies across the web, cloud, and private apps – from anywhere, using any application, on any device.