4 Cloud Computing Security Risks Every Enterprise CIO Must Know

Enterprise Security Magazine | Wednesday, October 16, 2019

Utilizing cloud-based solutions is a trend that continues to grow over time. When information on cloud increases, the need to secure the data and information increases with it, the enterprises must know what risks they will face in the future, along with how to improve and enhance the  presentsecurity systems with varied measures.

FREMONT, CA: According to analyst firm Forrester, the cloud computing market is expected to grow to $191 billion by the year 2020 from $91 billion in 2015. There are many advantages of using cloud computing, most significant being lower cost, faster time to market, and enhanced employee productivity. However, data security is a major concern that is holding back cloud adoption and driving CASB adoption. The workers are not waiting for IT, rather they are bringing the cloud services to work as a part of a larger "bring your own cloud" or the BYOC movement. Ponemon Institute surveyed several IT and security leaders to disclose how the organizations are managing the user-led cloud adoption. Past years have witnessed an explosion of new apps, which help people be more productive. The workers are deploying these apps to work and to do their jobs more efficiently. The organizations started leveraging the benefits of BYOC with a special term named shadow IT. In most of the instances, shadow IT begins with good intentions. The employees use these apps, which help them increase their productivity without being informed about the risks of storing corporate data in unsecured apps.  The Ponemon survey revealed that many respondents don't know how pervasive the problem of BYOC is within their own organization. The organizations may not be knowing what applications and cloud services employees use. They might not be knowing what information is exposed, where it is going, and what impact it will bring while being shared. Listed below are some of the risks of BYOC. Some of these risks are linked to weak cloud security measures of the services.

1.Loss of theft of intellectual property

The organizations store sensitive data in the cloud. A study by Skyhigh found that 21% of files uploaded to cloud-based file-sharing services comprises sensitive data that includes intellectual property. When a cloud service is violated, cyber criminals get access to this sensitive data. After a breach, certain services can even pose a risk if their terms and conditions claim ownership of the data uploaded to them.

2.Data violation requires discloser and notification to victims

If sensitive or regulated data is added in the cloud, and something happens, the company may be required to reveal the violation and send notifications to potential victims. Certain regulations such as HIPAA and HITECH in the healthcare industry and the EU Data Protection Directive need these disclosures. Following legally-mandated violation disclosures, regulators can levy fines against a company, and it’s not uncommon for consumers whose data was compromised to file lawsuits.

3. Compliance violation and regulatory actions

Presently, most of the companies are operated under some sort of regulatory control of their information, whether it’s HIPAA for private health information, FERPA for confidential student records, or one of the many other government and industry regulations. Under these regulations, companies must know where their data is and who is able to access it. BYOC often violates every one of these tenets, putting the organization in a state of non-compliance, which can have serious repercussions.

4.Contractual violations with the customers or business partners

Contracts among the business parties often limit how the data is used and who is authorized to access it. When employees move limited data into the cloud without authorization, the contracts may be violated and later result in legal actions. A cloud service that claims the right to share all data uploaded to the service with third parties in its terms and conditions, thereby violating a confidentiality agreement with the enterprise, which was made with any individual or business partners is an example of this.

Check out: Top Risk Management Solution Companies

Weekly Brief