CloudSphere (a cloud governance platform) has released findings of its cloud survey report, which is titled: “In the Dark: Why Enterprise Blind Spots are Leaving Sensitive Enterprise Data Vulnerable to Breaches.”
The report was based on discussions with 303 IT professionals, looking at current cloud infrastructure access, governance, and management practices and why and how often unauthorized access occurs.
Looking into this report, the findings suggest that almost one-third of enterprises experienced unauthorized access to cloud resources. Furthermore, an additional 19 percent of large businesses stated they were unaware if unauthorized cloud access occurred. This is a large and concerning proportion.
The reasons for this unawareness has been found to be largely driven by poor enforcement of identity and access management policies within the cloud.
Identity and access management concerns those policies, processes and systems that need to be in place in order to support on-boarding employees to a set permissions within an information technology system. Different permissions provide different levels of access and the ability to perform various functions.
As things stand, 78 percent of enterprises claimed to be able to enforce identity and access management policies. In addition to this, 69 percent reported policy enforcement issues created unauthorized access.
Not all of the news is bleak. The report finds that 80 percent of companies have developed their own cloud governance policies internally. Furthermore, 53 percent of companies reported 100 or more individuals have cloud access across numerous internal and external teams. The concern here, however, is that the majority of which have no security specific expertise.
A further issue that requires addressing at the corporate level was that just 50 percent of businesses indicate they review access policies and privileges monthly. In order to keep control, businesses need to put in place systems that permit greater checking.