How does government cloud security stack up?
- By Derek Major
- Dec 10, 2015
What: “Riskiest Industries in the Cloud,” a new report from Cloudlock that analyzes anonymized usage data from the 10 million users, 1 billion files, and over 91,000 applications the company monitors. The report breaks down risk in the retail, manufacturing, healthcare, financial services, K-12, higher education, government and technology industries.
Why: Cloud adoption is growing exponentially. According to a Forrester projection, global public cloud purchases will grow from $72 billion in 2014 to $191 billion in 2020. By looking at public cloud usage and cybersecurity risk across industries, government security professionals can compare industry concerns and performance to assess their own security challenges.
Findings: Cloudlock found that regardless of industry, organizations have five primary cloud cybersecurity concerns: account compromise, cloud malware, excessive data exposure, collaboration and protecting personal identifiable information and payment card industry data.
In order to protect sensitive data while enforcing security regulations, government agencies focus primarily on preventing data leaks that could have legal implications – the exposure of Social Security numbers, for example.
When adopting cloud-based technologies, government agencies are highly focused on compliance, with 59 percent concerned with PII, 52 percent on data that seems confidential, 50 percent focused on proprietary information, 41 on payment card information and only 2 percent on password information.
While government has the most stringent defenses against data exposures, the 1 percent of users who do expose data are responsible for 73 percent of organization-wide exposures and 8 percent of public exposures.
Takeaway: The majority of organizations across industries are working to protect private data and are concerned about data being exposed, but still have vulnerabilities. Government agencies can address their cloud security concerns, Cloudlock concluded, by assessing and prioritizing data protection needs, educating end users and habitually assessing the effectiveness of current security solutions.
Read the full report here.
Derek Major is a former reporter for GCN.