Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Only Quarter of IaaS Users Can Audit Config Settings

Most global organizations benefit from better security in the cloud than on-premise, with some key exceptions, including data loss prevention and configuration settings, according to McAfee.

The security giant polled 1000 enterprises around the world and combined its findings with threat data gleaned from its products to compile the Cloud Adoption and Risk Report.

The vast majority (87%) said they “experience business acceleration” through their use of cloud services.

However, while 52% benefit from improved security versus on-premise, and just 10% of data is hidden in shadow IT environments, there were caveats.

Only 36% of respondents said they could enforce DLP in the cloud, and just a third said they could control collaboration settings to determine how data is shared. Perhaps even more worryingly, only a quarter (26%) of IaaS users said they could audit configuration settings.

Misconfigured cloud infrastructure is an increasing problem: previous McAfee figures suggested 5.5% of Amazon S3 buckets in use are misconfigured to be publicly readable. They also revealed that enterprises are under-estimating the number of services they use by more than 6000% – believing they only use 30 but in reality using as many as 1935 unique services.

John Noakes, cloud specialist at IT solutions firm Insight UK, argued that this cloud sprawl should be cause for “major alarm.

“To have any hope of controlling risk, organizations need to understand the risks they face, and take firm control of their cloud environments. This means having rigorous controls in place to govern how cloud services are purchased and managed, so that IT is not left unaware of the potential scale of any problem,” he added.

“It means following best practice with commissioning and configuring cloud infrastructure, so that data is not left wide open to the public. Part of the problem is that legacy tools, skills and processes aren’t fit for the cloud era, yet many organizations haven’t adapted. As a result, they continue to leave themselves wide open to unnecessary risk.”

What’s Hot on Infosecurity Magazine?