Study: Average organization has 4,000 instances of exposed credentials stored in the cloud
CloudLock released its “Cloud Cybersecurity Report: The Extended Perimeter” earlier this week that looked at enterprises' use of cloud applications and storage.
Companies are moving their data and workflow over to the cloud with increasing fervor, according to new research from CloudLock.
The company's “Cloud Cybersecurity Report: The Extended Perimeter” analyzed more than 750 million files, 77,500 apps and six million cloud users to find that, on average, every organization has 4,000 instances of exposed credentials.
The credentials were accessible across the entire company, externally, and in some cases, publicly. Furthermore, an average organization has 100,000 files containing sensitive information stored on public cloud applications.
Even with sensitive information possibly up for exploitation, 65 percent of security teams reported looking at what type of sensitive data is exposed in order to form their cloud cyber security strategy. Conversely, 35 percent focused on how and where the data was exposed. More specifically, security professionals who keep the type of data exposed top of mind, mainly worry about intellectual property and confidential information. Some also named credit card data and personal information as their biggest concern.
Ayse Kaya Firat, director of customer insights and analytics at CloudLock, noted in an interview with SCMagazine.com that security professionals need not worry about every document on the cloud.
Instead, she suggested focusing on an intellectual property road map of sorts to keep track of the most sensitive and critical information.
When it comes to third-party cloud apps, the report found a four times increase in the number used from the prior year with an average of 475 per organization. Even still, more than half of third-party apps were banned from enterprises in 2015, primarily due to their inappropriate nature and the vendor being untrustworthy.
With all these findings, CloudLock recommends security professionals focus on training users to ensure their application behavior doesn't put the company at-risk, as well as keeping track of cloud environments at the application, platform and infrastructure layer.