Security in the Cloud Requires Visibility
Security in the Cloud Requires Visibility

There is a rapid enterprise movement toward the cloud, and yet such movement has remained uncoordinated. Gartner estimates that less than one-third of enterprises have a documented cloud strategy. This has led to an explosive growth in Shadow IT and Shadow data as well as application development that is uncoordinated and inefficient.

When it comes to the current security landscape, Gartner research has identified that SaaS applications are often the most risky of cloud deployments (as opposed to IaaS or PaaS), with the top risks including:

  • Sensitive data placed in unapproved services
  • Authorized users misusing cloud-based data
  • Stolen credentials
  • Unrecoverable data loss and service shutdown
  • Cloud compromise (“cloud hacking”)

Shadow IT

Typically, enterprises have as many as 20-900 SaaS vendors, which leads to less visibility into user activity and less ability to impose policy. These numbers corroborate earlier findings suggesting that the average organization uses 841 cloud apps, a figure more than 20x their own estimates. Although cloud service providers have dedicated security teams, the use of cloud services “doesn’t absolve security leaders of their responsibility to actively manage cloud security,” notes Steve Riley, research director at Gartner.

Gartner estimates that by 2018, 60% of enterprises that implement appropriate cloud visibility and control tools will experience one-third fewer security failures. Gartner recommends the following strategies to improve cloud security:

  1. Incorporate appropriate identity and access management
  2. Isolate data at rest with encryption
  3. Segment and contain traffic with virtual network and filtering controls
  4. Establish a security control plane via third-party tools to achieve better visibility, data security, threat protection and compliance
  5. Take full responsibility for application and instance security
  6. Backup all data in a distinct fault domain
  7. Investigate potential of being “compliant by inclusion”

As Gartner suggests, staying secure in the cloud is a shared responsibility and the use of tools such as Absolute DDS can help achieve that missing visibility into cloud storage applications. Using Absolute DDS, you can identify corporate devices containing files that are synchronized with cloud storage applications, scanning for at-risk data with remote capabilities to remediate potential compliance violations. Learn more about how to take control of at-risk data in the cloud at Absolute.com