Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Only 17% of organizations encrypt at least half of their sensitive cloud data

published on 2021-06-02 22:33:48 UTC by Steve Zurier
Content:
A woman speaking on a mobile phone walks past a cloud computing presentation ahead of the CeBIT technology trade fair in 2012. (Sean Gallup/Getty Images)

New research by Thales on security trends one year into the pandemic found that about 50% of businesses say that they store more than 40% of their data in external cloud environments, but only 17% have encrypted at least half of their sensitive data in the cloud.

While this raises some concerns, the Thales 2021 Data Threat Report, based on a study by 451 Research, pointed to some improvement in regulated industries. For example, 33% of health care respondents say they encrypt their data.

However, mitigating cloud-related data breaches via data encryption stands as just part of the puzzle, said Ted Driggs, head of product at ExtraHop.

“While we agree that encryption is an important part of securing the cloud, we feel it’s only a partial security strategy and organizations must do more to protect themselves against the sophisticated attacks that have become our daily reality,” Driggs said. “For complete cloud security an organization should encrypt data to protect it in the cloud and also implement real-time threat detection and response.” 

Kevin Kennedy, vice president at Vectra, said attackers love the cloud for the same reason organizations do: it stores critical data in one easy to access place. Today, it’s incredibly easy for adversaries to abuse user credentials and take over cloud accounts, he said. Vectra research shows account takeovers in Office 365 have become the largest threat vector in the cloud, while, according to the Verizon Data Breach Investigations Report (DBIR), 77% of cloud breaches involved account takeovers – with misconfiguration of production environments and improper IAM and permission configurations other top threats.

“Once attackers have access, they may try to hide their tracks or move laterally between cloud services and the network to reach sensitive data, or may stay on the network undetected,” Kennedy said. “This is why you need to have detection within the cloud, not just prevention-focused tools that try to stop attackers gaining access to systems. At some point, an attacker will get in. When they do, it’s vital they are caught before they have the chance to do any harm.”

The Thales survey also found as the pandemic pushed organizations to the cloud many now use multiple providers for Infrastructure-as-a-Service (IaaS). Some 53% use AWS as their IaaS provider and 41% opt for Microsoft Azure with considerable overlap across Google Cloud, IBM Cloud, Oracle and Alibaba.

Organizations are also more measured in using Platform-as-a-Service (PaaS) providers. The largest percentage indicated they’re using two (44%) PaaS providers. And 21% identified that they use three PaaS providers. The use of multiple SaaS-delivered applications was much higher, as 27% usee more than 50 SaaS apps and 16% use 51-100 SaaS applications.

The post Only 17% of organizations encrypt at least half of their sensitive cloud data appeared first on SC Media.

Article: Only 17% of organizations encrypt at least half of their sensitive cloud data - published over 3 years ago.

https://www.scmagazine.com/home/security-news/only-17-of-organizations-encrypt-at-least-half-of-their-sensitive-cloud-data/   
Published: 2021 06 02 22:33:48
Received: 2021 06 02 23:00:25
Feed: SC Magazine
Source: SC Media
Category: News
Topic: Cyber Security
Views: 3

Custom HTML Block

Click to Open Code Editor