REPORTCloudAdoptionandRiskReport2019REPORT2CloudAdoptionandRiskReportThroughanalysisofbillionsofanonymizedcloudeventsacrossabroadsetofenterpriseorganizations*,wecandeterminethecurrentstateofhowthecloudistrulybeingused,andwhereourrisklies.Considerthatnearlyaquarterofdatainthecloudissensitive,andthatsharingofsensitivedatainthecloudhasincreased53%year-over-year.Ifwedon’tappropriatelycontrolaccessandprotectourdatafromthreats,weputourenterprisesatrisk.IaaS/PaaSproviderslikeAWSareincreasingtheproductivityofourdevelopersandmakingourorganizationsextraordinarilyagile.Howeverorganizationsonaveragehaveatleast14misconfiguredIaaSinstancesrunningatanygiventime,resultinginanaverageof2,269misconfigurationincidentspermonth.Prominently,5.5%ofallAWSS3bucketsinusearemisconfiguredtobepubliclyreadable.Wecanseetheriskofimmediateandgrand-scalelossofdatastartingtogrowwiththesetrends.Weneedtogetthebasicsright,orfacelosingtheopportunityforbusinessaccelerationbeforethegaspedalcanhitthefloor.Themajorityofthreatstodatainthecloudresultfromcompromisedaccountsandinsiderthreats.80%oforganizationsaregoingtoexperienceatleast1compromisedaccountthreatinthecloudthismonth.92%currentlyhavestolencloudcredentialsforsaleontheDarkWeb.CloudAdoptionandRiskReportExecutiveSummaryCloudservicesbringamomentousopportunitytoacceleratebusinessthroughtheirabilitytoquicklyscale,allowustobeagilewithourresources,andprovidenewopportunitiesforcollaboration.Aswealltakeadvantageofthecloud,there’sonethingwecan’tforget—ourdata.Whenusingsoftware-as-a-service(SaaS)weareresponsibleforthesecurityofourdata,andneedtoensureitisaccessedappropriately.Whenusinginfrastructure-as-a-service(IaaS)orplatform-as-a-service(PaaS),weareadditionallyresponsibleforthesecurityofourworkloads,andneedtoensuretheunderlyingapplicationandinfrastructurecomponentsarenotmisconfigured.ConnectWithUs2019*Manyofthedatapointsweciteinthisreportaredeterminedbyenterprisepolicy.Forexample,classificationsof“sensitivedata”aresetbytheorganizationsinourstudy,notMcA...
