by Claire Harratt

Head of Managed Security Awareness Services

Connect with Claire Harratt on Linkedin Connect with Claire Harratt on Linkedin

The State of Cloud Data Security

The cloud unlocks tremendous value for organisations, but along with convenience and collaboration, it is also much harder to spot risks. SaaS applications, in particular, are often the biggest blind spots for organisations looking to defend their data, as cloud applications create a broad, interconnected attack surface that can be compromised in new ways by insiders and external actors.

A recent survey by Varonis highlighted that, on average, a single terabyte of data in the cloud contained more than 6,000 sensitive files, nearly 4,000 folders shared with external contacts, and more than 2.1 million access permissions. In fact, the average company has: 

  • 10% of cloud data exposed to every employee 
  • 4,468 user accounts without MFA 
  • 40+ million unique permissions 
  • 12,000+ M365 sharing links 
  • 157K sensitive records exposed to everyone on the internet  
  • 33 super admin accounts 
  • 6% of all cloud data exposed to the entire internet 

The rapid pace of cloud transformation and adoption of cloud applications, particularly M365, has left IT staff with a monumentally difficult task of now untangling and mapping access permissions across their cloud estates. There are vastly more SaaS permissions to manage than on-prem alternatives, so the potential for data exposure, accidental or malicious, has increased exponentially. It’s a real headache for those responsible for securing your company’s ‘crown jewels’.  

Take M365 for example where it takes, on average, about six hours per folder to locate and manually remove global access groups, to create and apply new groups, and then subsequently populate those groups with the right users who need access to the data. For 1,000 folders, that’s 6,000 hours of work if you’re attempting this manually!  

Thankfully there is an easier way to manage your access permissions, enforce the principle of least privileged access, and reduce your attack surface. As a first step, we would suggest conducting a free data risk assessment with our partner Varonis. You can view an example output report from the exercise here. If you’d like to understand how much data you have, how much of it is sensitive, where it is stored, who has access to it, how often it is accessed and much more, then use the form below to request your risk assessment. 

Send us a message

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

We’re running an event on this topic – click here to find out the details: