Shadow IT and Infrequent Audits
Blancco Technology Group Study Finds 26 Percent of Organizations Have Limited Visibility into Use of All Cloud Storage Providers
Atlanta and London, October 12, 2016 – Lack of visibility into an organization’s use of cloud providers can lead to unauthorized access to data, improper handling and storage of data and improper data removal. As a result, organizations are left highly exposed and vulnerable to a data breach, reveals the “Lost in the Cloud: Data Security Challenges and Risks” research study released today by Blancco Technology Group (LON: BLTG).
Based on a survey of over 290 IT professionals in the US, Canada, Mexico, UK, Germany, France, India, Japan and China, the study indicates that 26 percent of organizations are either “not confident’ or ‘somewhat confident’ about their IT teams’ knowledge of the use of all cloud storage providers. Further exacerbating data security vulnerabilities in the cloud, 15 percent of organizations rarely or never conduct audits of cloud providers who are storing their corporate data.
Key findings from the study include:
- Consolidation and diversification is the name of the cloud computing game. 89 percent of the surveyed IT professionals said they use a total of 1-15 private cloud storage providers and 92 percent use 1-15 public cloud storage providers.
- Fighting off APTs, compromised credentials and hacked interfaces are top cloud security priorities. When we asked IT professionals to rank various cloud security threats in terms of their company’s priority – specific to budgets, resources and tools – the respondents cited advanced persistent threats (APTs), compromised credentials and hacked interfaces/APIs as being top priorities.
- Data migration and data center decommissioning processes are fundamental to preventing data loss. 16 percent of organizations admitted that they ‘do not know’ what security precaution they would take to prevent data loss/theft when decommissioning/shutting down a cloud/virtual server.
- Cloud storage needs defined audit processes and monitoring to stay compliant. Close to half (40 percent) of organizations believe storing corporate data in a cloud environment increases their compliance risk.
Richard Stiennon, Chief Strategy Officer of Blancco Technology Group, urges organizations to counter these data security vulnerabilities by conducting cloud compliance audits on a regular basis. “Whenever storing data offsite with a cloud provider, organizations must be diligent in knowing where their data is being stored, how it’s being protected and when it needs to be removed (in the case of migrating data to a new vendor or consolidating data centers, for example). A cloud compliance audit should include a review of policies and procedures that the cloud storage provider applies to your data, the technical solutions in place to protect your data and the skills of technical or business staff responsible for your data.”