McAfee: 26% of companies have suffered cloud data theft

Enterprises are moving their data to the cloud, but not everybody is certain that the cloud is as secure as it could be, according to the third annual report on cloud security from cybersecurity firm McAfee. This is due in part to the fact that one in four companies has been hit with cloud data theft.

McAfee released its third annual report ahead of the RSA security conference in San Francisco this week. The survey polled 1,400 global information technology professionals in the fourth quarter.

“This year’s study demonstrates that there are firms ramping up cloud adoption and increasing investment to manage the risks, and conversely a larger number of organizations that are taking a more cautious approach,” said Raj Samani, chief scientist at McAfee, in the report.

The survey showed that 97 percent of companies use cloud services, either as a public or private cloud or a combination of both, up from 93 percent a year ago. Eighty-three percent store sensitive data in the cloud, but only 69 percent trust the public cloud to keep their data secure.

Above: Companies are storing sensitive data in the cloud, but not all are confident it is secure.

Image Credit: McAfee

About 83 percent of organizations that use the cloud have experienced at least one security incident. Common issues include lack of data visibility within cloud applications (30 percent), theft from cloud applications by a malicious actor (26 percent), incomplete control over who can access sensitive data (25 percent), and “shadow IT” provisioning cloud applications outside IT visibility (23 percent). One in five companies has experienced an advanced attack on their clouds.

Companies with a “cloud first” strategy plan to migrate 80 percent of their information technology budget to the cloud in the next 12 months, compared to 18 months for those without. But attitudes toward the cloud are mixed. The number of professionals reporting a “cloud first” strategy has declined to 65 percent, compared to 82 percent a year ago. In fact, 40 percent of IT leaders are slowing cloud adoption due to a shortage of cybersecurity skills.

McAfee’s survey of companies also found that fewer than 10 percent of companies anticipate decreasing cloud investment as a result of the European Union’s new privacy law, the General Data Protection Regulation. For companies with up to 1,000 employees, the average number of cloud services being used is 25, and that number grows to 40 services for enterprises with more than 5,000 employees.

McAfee also said today it is releasing McAfee Cloud Workload Security (CWS) v5.1, one of the core pillars of its Cloud Security Solution Portfolio. The new version will be available in the second quarter, and it identifies and secures Docker containers, workloads, and servers in public and private clouds.

Above: There are a wide variety of security challenges for cloud computing.

Image Credit: McAfee

McAfee CSW v5.1 quarantines infected workloads and containers with one click, thus reducing misconfiguration risk and increasing initial remediation efficiency by nearly 90 percent. McAfee’s survey said that containers have grown rapidly in popularity over the past few years, with around 80 percent of those surveyed using or experimenting with them. However, only 66 percent of organizations have a strategy to apply security to containers.