Most organizations need stronger security controls to stop cybersecurity breaches and cyberattacks, according to The Data Dilemma: Cloud Adoption and Risk Report from security service edge (SSE) company Skyhigh Security.
A Skyhigh Learned
Key takeaways from Skyhigh's report include:
- 97% of organizations indicated they are experiencing private cloud problems.
- 75% have experienced a cybersecurity breach, threat and/or theft of data.
- 75% said shadow IT "impairs their ability to keep data secure."
- 60% allow employees to download sensitive data to their personal devices.
- 52% noted their employees are using SaaS services that are commissioned by departments outside of IT and without direct involvement of their IT department.
- 38% reported their remote or hybrid workers are experiencing latency or bandwidth issues with a virtual private network (VPN).
- 37% said they do not trust the public cloud to secure their sensitive data.
Data loss remains "a serious and growing concern for organizations," Skyhigh indicated in its report. If organizations can monitor their cloud usage, they are well equipped to protect their data.
How to Monitor and Secure Data in the Cloud
Skyhigh's report revealed 70% of organizations are using cloud access security broker (CASB) or secure web gateway (SWG) solutions to manage non-IT-approved cloud usage. These solutions provide organizations with a "much-needed layer of security," Skyhigh indicated. They also allow organizations to automate security monitoring and management to reduce the burden on IT.
After organizations discover shadow IT, they commonly use data loss prevention (DLP), encryption and SSE technologies to secure their cloud services, Skyhigh stated in its report. In addition, some organizations block access to unauthorized cloud services to reduce or eliminate shadow IT.
Going forward, organizations must share responsibility across multiple departments to monitor and secure their data in the cloud, Skyhigh noted. If organizations establish clear ownership for data governance and control, all employees can do their part to protect data against threats.