The cloud infrastructure security company Ermetic conducted an IDC Survey of 200 Security Decision Makers and concluded that 98% of companies experienced either one or multiple data breaches in the past 18 months. This is almost a 20% increase from last year (79%).
What’s more baffling is that 67% of the companies experienced at least three or more data breaches, whereas 63% had sensitive data exposed. About 60% of the security decision-makers and the 200 CISOs who participated in the survey blamed lack of visibility, inadequate identity, and access management as the primary threat to their cloud infrastructure.
The State of Cloud Security
Due to these incidents, about 85% of the security decision-makers plan to increase their cloud infrastructure spending. The organizations that had data breaches and participated in the IDC Survey work in the following fields:
- Banking and Insurance (13%)
- Healthcare (11%)
- Pharmaceuticals (12%)
- Manufacturing (11%)
- Retail (11%)
- Software Development (11%)
- Other Sectors (31%)
These organizations range in size from 1,500 to 20,000 employees, and 85% of the targeted companies were the ones that had annual cloud infrastructure budgets of at least $50M or more, and 83% of their cloud breaches were related to access.
Around 71% of organizations typically use commercial security tools offered by their cloud providers. However, only 20% of these companies are satisfied with their cloud security.
Most Organizations Prefer Least Privilege But Are Struggling With It
Least privilege is a method in which privileges are restricted for users, programs, and processes, granting them the ability to do their job with limited access to other pieces of information. It reduces everything to the bare minimum of accessing only the information and resources needed for its legitimate purpose.
Though least privilege might improve security, 50% of the larger organizations admitted struggling with this implementation. About 29% of them cited that it is too difficult and time-consuming to implement, 29% reported a lack of personnel/expertise, and 29% used multi-clouds.
How Can Organizations Take Preventive Measures in Cloud Breaches in the Future?
Apart from the principle of least privilege mentioned above, companies and organizations can take other preventive measures to protect their data and thus permanently increase their security.
Use a VPN Provider for Any Operating System
Cloud-based companies should consider using VPNs to boost their security. If your company depends on business calls, for example, make sure that your employee’s phones are also secured. You can use a VPN for iOS, Android, or other operating systems.
A VPN is easy to use, and you won’t have to explain too much to your employees on how to use it. A VPN will grant you privacy and anonymity by hiding your IP address, taking your business below the radar of would-be attackers, and preventing data breaches. If your employees are secured, your business is secured, and a good VPN provider will ensure that additional security.
Work Only With Solid and Reputable Cloud Platforms & Cloud Security Companies
You should never compromise on security if your data on your cloud-based business can be used against you. As such, you should always opt for the best and most secure cloud platforms available.
Use Strong Passwords and Limit Access
Lastly, to increase your security and further avoid data breaches on your cloud business, make sure your employees use strong passwords and limit access through processes such as the principle of least privilege mentioned earlier. Security is not something to mess around with, especially if it affects your business. It might seem like a hassle to increase it, but it will help you in the long run, and you will be grateful for it regardless!