A report that gathered enterprises’ cloud security posture from interviews with 303 IT professionals found that nearly one-third of companies had their cloud resources accessed without permission, while a further 19% of large companies said they don’t know whether they have been the victims of unauthorized cloud access, according to Digital Journal.

The CloudSphere report showed further gaps in enterprises’ cloud security measures and a lack of awareness regarding data exposure risks. This was found to be due to companies’ weak enforcement of identity and access management policies, with only 78% claiming to be capable of enforcing their identity and access management rules, while 69% reported experiencing unauthorized access incidents due to policy enforcement issues. Meanwhile, only 50% of companies said they perform monthly reviews of access policies and privileges.

On the positive side, 80% of firms said they have internally created their own cloud governance policies, while 53% said 100 or more of their personnel within a number of internal and external teams can access their cloud resources.