As cloud adoption accelerates, enterprises continue to face challenges when securing and governing multicloud environments. Results of our new report “In the Dark: Why Enterprise Blind Spots are Leaving Sensitive Enterprise Data Vulnerable to Breaches” reveal significant enterprise cloud governance gaps and how these shortcomings ultimately leave sensitive data vulnerable to breaches. Below, we’ll dive into some of the report’s findings and discuss how to prevent these common issues from putting your data at risk.
Key Findings
Dimensional Research conducted the report by surveying 303 IT professionals from around the world. The research aimed to understand current cloud infrastructure access, governance, and management practices and why and how often unauthorized access occurs.
The survey uncovered a false sense of security with cloud access control and IAM policy enforcement, as 32% of enterprises revealed that they have experienced unauthorized access to cloud resources, and another 19% were unaware if unauthorized access occurred. This was discovered to be largely driven by poor enforcement of identity and access management (IAM) policies in the cloud.
Potentially exacerbating the risk, 53% of companies reported 100 or more individuals have cloud access across numerous internal and external teams, the majority of which have no security-specific expertise.
On top of that, our survey findings confirmed that unauthorized access often goes unnoticed, and misconfigurations are common. In particular,
- 60% report that the interval before correcting misconfiguration errors was monthly or longer
- Only 50% indicate they review access policies and privileges on a monthly basis
Failing IAM policies create significant risk
The complex nature of cloud environments can frequently lure enterprises into false confidence when it comes to secure access control. It has become increasingly difficult to maintain visibility within the cloud, and this report confirms the severe impact of this lack of awareness. And with 30% of organizations reporting millions of records that flow through their cloud solutions each month, the potential for loss is huge.
The survey indicates that while 78% of respondents claimed to be able to enforce IAM policies, 69% reported policy enforcement issues created unauthorized access. With the cost of each lost or stolen data record averaging $146, businesses are risking hundreds of millions of dollars in losses due to unauthorized access from ex-employees, hackers, external consultants and more. This lack of visibility and monitoring for unauthorized or misplaced access jeopardizes an organization’s security and can put customer data and company reputation at risk.
Preventing misconfigurations with cloud policy upkeep
As noted above, organizations often believe that their IAM policies are effective; when in reality, unauthorized access and misconfigurations frequently occur. To ensure your company’s IAM policies are as effective as you perceive them to be, a unified approach to cloud governance is a must.
The CloudSphere platform provides a unique application-level view establishing the guardrails needed to plan effectively and maintain control in multi-cloud environments. CloudSphere also tracks who has access to your most critical assets in the cloud and visualizes access paths to gain insights into users and attached policies and permissions. With comprehensive visibility and the ability to remediate issues before they can be exploited, CloudSphere ensures the diligent and persistent upkeep of policies and access rights in your cloud environment.
To read the full report and discover more best practices for managing governance in the cloud, download the free report here.