Automation, DevOps and unified security management key to cure cloud ills, says McAfee

Cloud services are becoming practically ubiquitous – but according to the latest study from McAfee, one in four organisations who use the public cloud has had their data stolen.

The findings appear in ‘Navigating a Cloudy Sky: Practical Guidance and the State of Cloud Security’, a report which surveyed more than 1,400 IT professionals around security concerns with private and public cloud services.

Usage numbers are as strong as one would expect – except for one. 97% of respondents said they were using cloud services of some form, while more than four in five (83%) say they store sensitive data in the public cloud. Yet while two thirds (65%) said they had a cloud-first strategy, this was down from last year’s ranking of 83%. McAfee puts this down to caution on the part of certain companies – but added that ‘the more they know, the more confident IT professionals are that cloud-first is the course they want to be on.’

A quarter of firms polled who use IaaS, PaaS or SaaS said they have had data stolen, while one in five has experienced an advanced attack against its public cloud infrastructure. This is particularly serious given the various types of sensitive data stored. 61% of firms polled said they stored personal customer information, while 30% store intellectual property and healthcare records.

With GDPR just around the corner – only a month away – organisations reported a significant increase in their compliance efforts. Fewer than 10% of respondents said they were dialling back investment in their cloud provider because of GDPR.

The report gives three best practice tips for organisations looking for greater security gains. Firms should, if they’re not already, explore DevOps and DevSecOps environments – ‘integrating development, quality assurance and security processes within the business unit or application team is crucial to operating at the speed today’s business environment demands’ – as well as invest in a unified management platform across multiple clouds and automation techniques.

“Despite the clear prevalence of security incidents occurring in the cloud, enterprise cloud adoption is pressing on,” said Rajiv Gupta, McAfee senior vice president. “By implementing security measures that allow organisations to regain visibility and control of their data in the cloud, businesses can leverage the cloud to accelerate their business and improve the security of their data.”

You can read the full report here (registration required).