Risk of data in cloud and Shared responsibility model
An average enterprise organization experiences 31.3 cloud-related security threats each month. These include:
- Insider threats (Accidental or malicious)
- Privileged user threats
- Threats arising from compromised accounts – McAfee (2019)
Cloud services give organizations the opportunity to scale quickly and be agile with available resources. Cloud services can be any of Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). Organizations are now migrating from on-premises IT resources to the cloud. As you take advantage of these cloud services, you must not forget about the data created.
Due to the increased use of cloud services over the past decade, many organizations cannot function without the cloud. Trust has also increased, so organizations no longer worry about storing sensitive data in the cloud. The different types of sensitive data stored due to creation and sharing of data include: confidential (27%), email (20%), password protected (17%), personally identifiable information (17%), personal healthcare information (9%) and payment (20%).
With data in the cloud, security threats are no longer isolated to personal computers and network applications. The increased popularity of services like Microsoft Office 365 has shifted corporate data to the cloud, resulting in a large increase in sensitive data flowing through the cloud, especially through email services. Email is one of the easiest vectors for data loss. Moving it to the cloud removes visibility for IT teams, as the data isn't on their servers anymore. File and data sharing in particular are increasing and leading to loss of data.
According to a McAfee report, nearly a quarter of data in the cloud is sensitive, and sharing of sensitive data in the cloud has increased by 53% year on year (2019). In addition:
- 21% of all files in the cloud contain sensitive data
- Threat events in the cloud have increased by 27.7% from the previous year
- 80% of all organizations experience at least 1 compromised account threat every month
- 92% of all organizations have stolen cloud credentials for sale on the dark web
Unfortunately, organizations place too much trust in cloud services to keep their data secure. Many think cloud service providers keep data secure, while others think their service provider is responsible. This is not true: cloud security is a shared responsibility, and no cloud provider provides or guarantees 100% security. Total security involves data loss prevention, access control, collaboration control and user behavior analytics. This is why responsibility for security is shared. The cloud service provider is responsible for security of the cloud, and customers are responsible for the data they put in the cloud. The responsibilities change depending on the type of cloud service.
Microsoft Shared Responsibility Model for Different Cloud Services
Service providers guarantee a secure infrastructure with comprehensive security controls. Hence, they are responsible for infrastructure and cloud security. You as the customer are responsible for securing everything in the cloud. That means you have full ownership and control of your data. You are responsible for securing data, endpoints, accounts and access management.
Example of Shared Responsibility Model
According to ExtraHop, by 2022 95% of cloud security failures will be caused by missteps on the customer's part. Hence, it's more important than ever for customers to be informed of their responsibility towards data security. As cloud services evolve, so must your security mitigation techniques, and our business continuity solution can help you achieve this. Having a business continuity solution helps:
- Visualize the relationships between devices
- Detect potential security threats like ransomware in real time
- Easily investigate and remediate issues
Contact us today at 902-801-7922 or email [email protected] for a personalized audit of your cloud services and to identify associated risks.