Survey finds that organizations experience high levels of unauthorized access to cloud resources
- Published: Thursday, 04 March 2021 08:07
CloudSphere has published the findings of its new report ‘In the Dark: Why Enterprise Blind Spots are Leaving Sensitive Enterprise Data Vulnerable to Breaches’, conducted by Dimensional Research. Report findings revealed that 32 percent of enterprises experienced unauthorized access to cloud resources, and another 19 percent were unaware if unauthorized access occurred. This was found to be largely driven by poor enforcement of identity and access management (IAM) policies in the cloud. To add to these issues the report highlights that 60 percent say that the interval before correcting misconfiguration errors was monthly or longer.
CloudSphere commissioned the report, surveying 303 IT professionals from around the world. The research aimed to understand current cloud infrastructure access, governance, and management practices and why and how often unauthorized access occurs.
“As cloud adoption accelerates, securing and governing multicloud environments is a top IT challenge facing enterprises,” said Keith Neilson, technical evangelist for CloudSphere. “This research highlights the immense cloud governance gaps enterprises experience that ultimately leave sensitive data vulnerable to breaches. It is critical enterprises adopt a unified approach to properly govern cloud access and protect enterprise data to avoid costly breaches and preserve trust.”
Due to the complex nature of cloud environments, having visibility into which users have access to data and resources is increasingly difficult. Particularly troubling is the disparity between the enterprise’s perception of secure access control and the reality of policy enforcement failures. Research found that while 78 percent claimed to be able to enforce IAM policies, 69 percent reported policy enforcement issues created unauthorized access.
Highlighting just how crucial it is for enterprises to improve IAM policy enforcement, 30 percent of respondents reported millions of records flow through their cloud solutions each month, and with the cost of each lost or stolen data record averaging $146, businesses are risking hundreds of millions of dollars in losses due to unauthorized access. Unauthorized access included ex-employees, hackers, external consultants, and partners, which highlights the lack of context and controls for authorized and defined users and groups within cloud environments. Results point to a clear lack of visibility and monitoring for unauthorized or misplaced access, which ultimately threatens an organization’s security.
Enterprises are taking on this challenge alone and failing, with 80 percent of companies developing their own cloud governance policies internally. Despite having policies in place, the lack of enforcement ultimately leads to unauthorized access and the risk of costly breaches of sensitive data, damaging company trust and valuation.
Cloud access across teams puts data at risk
53 percent of companies reported 100 or more individuals have cloud access across numerous internal and external teams, the majority of which have no security specific expertise. For example, 72 percent say developers have cloud access, and 69 percent say DevOps teams have cloud access. This large number of users with minimal security expertise increases the potential for error, and mistakes become inevitable when trying to control access to cloud resources. Also, 41 percent say consultants have cloud access, and 25 percent say partners have cloud access. Access by these parties from outside of the organization puts data at even greater risk.
Why IAM solutions fail
Gartner found that 81 percent of organizations use a multicloud approach and as public cloud providers' IAM tools typically can't expand beyond their own platform, it is increasingly difficult to implement a standardized IAM solution across all cloud platforms. The CloudSphere research report found that 85 percent of companies utilize different cloud provider access tools for each environment, and more than half (57 percent) of companies use numerous cloud IAM tools to govern their multicloud environments. Manual errors are also a leading reason why IAM solutions fail, as 63 percent noted IAM solutions were not properly configured, and 56 percent said roles and access rights were improperly entered.