Cloud Risk Trends for 2019: New Research from McAfee
David Berardinelli, Cloud Security Architect
Full Report here:
https://www.skyhighnetworks.com/cloud-report/
• Comprehensive Cloud Usage Data
• Based on Anonymized Information from MVISION Cloud Production
• 1000s of customers
• 2 billion events a day
McAfee Cloud Risk Trends for 2019
97% of surveyed companies are actively adopting the cloud
Source: McAfee Cloud Adoption Report, Nov 2018
[Chart: Perception vs. Reality, Total Cloud Services. Bars: Survey North America, Survey LATAM, Survey Europe, Survey APAC, Survey Japan, Reality]
The average organization now uses 1,935 cloud apps
Cloud apps per organization, 2013 to 2018 (one value per year):
Enterprise cloud apps: 457, 638, 854, 1018, 1169, 1353
Consumer cloud apps: 169, 259, 333, 409, 513, 582
Total: 626, 897, 1187, 1427, 1682, 1935
an increase of 15% over last year
Source: McAfee Cloud Adoption Report, Nov 2018
Perception vs Reality
What you don’t see can’t be secured
[Chart: Total Cloud Services. Bars: Survey North America, Survey LATAM, Survey Europe, Survey APAC, Survey Japan, Reality; the difference is labelled Perception Gap]
Source: Business @ Work Finance 2018, Okta
The average Financial Services organization uses 1,545 cloud apps
There are over 400 collaboration and file sharing applications in use
File Sharing & Collaboration, 20.9%
Finance, 7.5%
IT Services, 7.1%
Cloud infrastructure, 7.1%
Development, 6.5%
HR, 6.3%
Education, 5.7%
Business Intelligence, 5.3%
Security, 3.8%
Media, 3.6%
Healthcare, 3.2%
CRM, 2.0%
Other, 5.3%
Project Management, 2.4%
Cloud Storage, 2.3%
E-Commerce, 2.3%
Content Sharing, 2.3%
Social Media, 1.7%
Logistics, 1.7%
Networking, 1.5%
Tracking, 1.4%
Low Risk Apps: 76%
Medium Risk Apps: 15%
High Risk Apps: 9%
Risk: Some of these even claim ownership of data uploaded in their terms of service
Source: McAfee Cloud Adoption Report, Nov 2018
Most Cloud Apps are not Enterprise-ready
McAfee Confidentiality Language
Sanctioned Services
Top 10 Cloud Services
83% of organizations worldwide admit that they store sensitive data in the cloud
Source: McAfee Cloud Adoption Report, Nov 2018
[Chart: sensitive data by cloud service. Services shown: Salesforce, Office 365, Google Docs, Slack, AWS, Custom Apps, Box, ServiceNow, High-Risk Shadow, Med/Low-Risk Shadow]
Office 365 contains the most sensitive data, at 31%
Source: McAfee Cloud Adoption Report, Nov 2018
Sensitive Data in the Cloud
Confidential data, 27%
Email data, 20%
Password protected data, 17%
PII, 16%
Payment data, 12%
PHI, 9%
Sensitive Data in the Cloud – When Sharing isn’t Caring
Cloud users who share files: 17% (2016), 18% (2017), 22% (2018)
22% of cloud users share files
Sensitive Data in the Cloud – When Sharing isn’t Caring
Files in the cloud that are shared: 43% (2016), 47% (2017), 48% (2018)
48% of all files in the cloud are shared with at least one other person
12% of shared files are accessible to anyone with a link
14% of files shared with a personal email address
Source: McAfee Cloud Adoption Report, Nov 2018
Sensitive Data in the Cloud – When Sharing isn’t Caring
IaaS
AWS dominates in terms of user access count
Source: McAfee Cloud Adoption Report, Nov 2018
Most organizations have a multi-cloud strategy
Source: McAfee Cloud Adoption Report, Nov 2018
Average organization has 14 misconfigured IaaS services running at a given time
Source: McAfee Cloud Adoption Report, Nov 2018
Data Exposures in IaaS—Ghost Writer
McAfee Discovers Ghost Writer – S3 Buckets Configured for Write Access open up Customers to Major Vulnerabilities
Cloud Threats
Threats in Office 365 have grown 63% in the past two years
Cloud is the new favorite target of threat actors
Source: McAfee Cloud Adoption Report, Nov 2018
Data Exposures in SaaS—Knock Knock
McAfee Discovers Knock Knock
Hacker Exploiting Compromised Admin Account to hack into Office 365
Identifying cloud threats is like finding a needle in the “CloudStack”
100M:1 events:threats
Source: McAfee Cloud Adoption Report, Nov 2018
So, what do we do about all this???
Cloud Shared Responsibility Model
Service models: SaaS, PaaS, IaaS
Responsibility layers:
• Data Classification & Accountability
• Client & End-Point Protection
• Identity & Access Management
• Application Level Controls
• Network Control
• Host Infrastructure
• Physical Security
Legend: Service Provider Responsibility, Customer Responsibility
SaaS
IaaS/PaaS
Unmanaged devices
Collaboration Malware
Rogue Employee
Compromised Accounts
Shared Responsibility Model for SaaS
Compromised Accounts
Malware
Misconfiguration
Provisioning Sprawl
Containers and Workloads
Rogue Use
Workload to Workload Communication
Shared Responsibility Model for IaaS/PaaS
“Through 2020, 95% of cloud security failures will be the customer’s fault.”
Gartner Magic Quadrant for CASB—2017
In 2018, the 60% of enterprises that implement appropriate cloud visibility and control tools will experience 33% fewer security failures
Source: Gartner
Through 2020, public cloud infrastructure-as-a-service (IaaS) workloads will suffer at least 60% fewer security incidents than those in traditional data centers
Source: Gartner
MVISION Cloud
Secure Enterprise Data in the Cloud and Protect from Threats
SaaS, IaaS/PaaS
Visibility, Data Security, Compliance, Threat Protection
Adopt a CASB Platform
Thank you!
http://www.mcafee.com/cloud