Skyhigh Networks has released findings of its European Cloud Adoption and Risk Report Q2, which shows that although 82% of UK-based IT decision-makers make use of Cloud services, a lack of security measures could put the organisation at risk of a data breach.
When one considers that the average European organisation uses 987 Cloud services, uploads 12.3 TB to the Cloud each month and uses 226 collaboration services (e.g. Gmail and Evernote), then some of the statistics presented in the survey are concerning if tight security controls aren’t properly enforced.
According to the survey:
- last year, only 18% of European organisations surveyed reported an insider threat;
- by contrast, 87% had behaviour indicative of an insider threat in the last quarter alone;
- 31% of passwords are reused in multiple places;
- the average European employee uses 23 different Cloud services;
- 1% of European companies have had at least one employee’s credentials compromised.
It takes just one compromised password
The survey warns that one compromised password could have devastating repercussions, and “strongly recommend that enterprises consider multi-factor authentication as a key component of safe cloud services.”
Audit your Cloud services
It is advisable to conduct an audit of all of the Cloud services being used by your employees as part of your regular information security risk assessment.
vsRisk™ includes the control set from the Cloud Control Matrix, in addition to five other control sets, to enable companies to conduct a comprehensive risk assessment of its data, including data in the Cloud.
vsRisk also provides control sets from ISO 27001, the PCI DSS, NIST SP 800-23, ISO 27032 and Cyber Essentials.
Other features of vsRisk include:
- A sample risk assessment
- A database of threats and vulnerabilities
- Compatibility with the ISO 27001 documentation toolkit, which enables users to upload the relevant documented evidence against the controls of ISO 27001:2013.