IT security heads may be drastically underestimating the size of their organisation’s cloud presence, leading to a potentially huge security risk, a leading expert has warned.
Speaking to ITProPortal at the recent InfoSecurity 2017 event in London, Darren Thomson, EMEA CTO at Symantec, said that it was “a massive, massive concern” that many CISOs and CIOs were unable to accurately say how big their company’s cloud presence was.
The company recently surveyed over a thousand CISOs around the world, finding that many were hugely unaware of how many cloud apps were in use at their business, potentially leaving them open to cyber-attack.
In the UK, the survey estimated that one in five apps used in organisations are unsanctioned, meaning confidential data could be highly at risk.
Referring to the survey, Thomson noted that many CISOs were, "not just a little bit wrong - they're orders of magnitude wrong when it comes to cloud use in their organisations."
"When you throw regulation on top of that, and think, OK, what data is going to those apps, then that becomes a real concern."
"The honeymoon is over, and people have to start taking usage of the cloud very seriously," Thomson adds. "The providers of cloud apps have made it incredibly easy for us to use them...but the problem is that the cloud app space has run away from the governance that the IT organisation has been looking after."
Symantec is now pushing for companies to be far more thorough in how they govern cloud app usage, a problem which cannot be solved just by throwing technology at it, Thomson says.
"The first step has got to be understanding the size of the problem...what are the data sets you care about, and where are they going?"
"Step number one is, understand your data - you need to do some sort of audit, particularly on your cloud usage, to understand what people are using, and particularly, what are they using that you didn't already know about."