Elon Musk recently made the news for not securing his cloud account. Source: Shutterstock Source: Charley Gallay/Getty Images for E3/Entertainment Software Association/AFP
The average enterprise organization now uses 1,935 cloud services
WHEN CLOUD services first made a debut a couple of years ago, they were basically limited to data storage and sharing services.
Over the next few years, the cloud space evolved into an ecosystem of its own with applications that can support every industry and enterprise.
According to the latest figures, the average enterprise organization now uses 1,935 cloud services, an increase of 15 percent over last year. However, the growth rate in the number of new cloud services being used by employees has slowed down significantly, from a peak of 43 percent in 2014, to 15 percent in 2018.
This indicates that the market is reaching a certain level of stability as far as the use of cloud applications go.
Experts also see this as a sign that companies are beginning to fine-tune their cloud applications to achieve synergies and deliver on ROIs as they begin to climb the digital maturity curve.
Broken down by service type, enterprise applications account for 70 percent of cloud services in use, while cloud services intended for consumers represent the other 30 percent.
When the cloud market was analyzed by categories, it was found that applications belonging to the file-sharing and collaboration category stood at 20.9 percent and leads the enterprise cloud market overall. Finance represents 7.5 percent, IT services and cloud infrastructure make up 7.1 percent each, and development totals 6.5 percent.
What’s exciting to note is that cloud-based HR applications make up a strong 6.3 percent of the enterprise cloud market, and cloud-based business intelligence applications make up 5.3 percent of the market.
Does increased cloud activity warrant more security?
As the number of cloud services and cloud users has grown, so has the amount of cloud activity. The average organization today generates more than 3.2 billion unique transactions in cloud services each month (such as user login, upload file, edit document, and so forth).
Hackers and cyber-criminals, therefore, believe cloud service providers and larger cloud systems to be treasure troves of financial and operational information worth trillions of dollars.
The average enterprise, according to an interesting new report, says that organizations experience 31.3 cloud-related security threats each month, a 27.7 percent increase over the same period last year.
Broken down by category, these include insider threats (both accidental and malicious), privileged user threats, and threats arising from potentially compromised accounts.
Diving deeper into those threats will help CXOs understand the kind of security measures they need:
# 1 | Insider threats
Organizations experience an average of 14.8 insider threat incidents each month, and 94.3 percent of organizations experience at least one insider threat incident per month on average.
Insider threats include behaviors that unintentionally expose an organization to risk such as sharing a spreadsheet with employee Social Security numbers externally.
This is why employees are considered the most challenging piece in the cybersecurity puzzle and often demand frequent training.
Insider threats also include staff acting with malicious intent such as a salesperson downloading their full contact list before leaving to join a competitor. Such activities can be minimized by monitoring company networks closely but raise questions about employee privacy.
# 2| Privileged user threats
Privileged user threats occur monthly at 58.2 percent of organizations, with organizations experiencing an average of 4.3 privileged user threats each month.
According to the report, threats can take different forms, ranging from an administrator accessing data in an executive’s account to modifying security settings in a way that unintentionally weakens security.
Often, privileged users can wreak havoc in a corporate network if they’ve been granted access to multiple solutions over time — none of which have been revoked despite the events necessitating access (a project or role) being completed.
This is why organizations need strong identity and access management (IAM) solutions to support their business and adequate policies depending on use cases and custom scenarios analyses.
# 3 | Compromised accounts
On average, organizations experience 12.2 incidents each month in which an unauthorized third-party exploits stolen account credentials to gain access to corporate data stored in a cloud service. Something similar happened to Tesla CEO Elon Musk recently.
These incidents affect 80.3 percent of organizations at least once a month. Further, 92 percent of companies have cloud credentials for sale on the Dark Web.
Although this sounds like a losing battle, business-critical cloud services these days support multifactor authentication (MFA) which can help reduce risk from compromised accounts.
In the near future, MFA will be augmented with AI to really tighten up security without spoiling the customer’s security experience.
Soumik Roy is a business and technology specialist. He helps small and medium enterprise owners understand what's most important to their company's growth and success.
READ MORE
- Strategies for Democratizing GenAI
- The criticality of endpoint management in cybersecurity and operations
- Ethical AI: The renewed importance of safeguarding data and customer privacy in Generative AI applications
- How Japan balances AI-driven opportunities with cybersecurity needs
- Deploying SASE: Benchmarking your approach