Cloud data remains vulnerable to cyberattacks

IT organizations across industries, including healthcare, lack confidence in their ability to secure sensitive data in the cloud, according to a new report from the Cloud Security Alliance (CSA). Only 39% of the more than 1,600 IT and security professionals who responded to CSA’s July 2022 online survey felt highly confident in cloud data security at their respective organizations.

What’s more, 40% of respondents indicated that only half of sensitive data in the cloud has enough security protection. A mere 4% said they have sufficient security for all data in the cloud.

Problematic third-party access

CSA’s research also revealed another level of concern regarding cloud data security: Third parties and suppliers often have similar access to sensitive data compared to internal employees. CSA concluded from a separate study that third parties, contractors and suppliers comprise nearly 60% of commonly targeted groups in cyberattacks.

“Cybersecurity really is a supply chain problem,” noted Richard George, former National Security Agency technical director of information assurance and current senior advisor at Johns Hopkins University, in a speech to security professionals. “Everybody’s a target,” George added, pointing out that IT organizations commonly partner with telecom carriers, as well as hardware/ software providers supporting workflow, while leveraging their cloud assets.

George recommended that entities take a defensive posture to disrupt cyber-criminal intent and truly “own” their supply chain. A key part of that approach is insisting that strategic partners prove their cybersecurity capabilities.

Related story: Top considerations for choosing a healthcare cloud partner

Breaches in the forecast

Organizations surveyed by CSA seemed aware of ongoing threats to cloud data security, with most respondents believing their enterprise would experience a breach in the coming year. Nonetheless, organizations that had already been breached reported significantly lower confidence in their ability to protect data—92% of those previously breached said they will likely experience another attack in the next 12 months.

Again, the report advised “locking down” third-party access to sensitive data. Further, organizations should prioritize cross-platform support for multi-cloud and hybrid cloud environments to ensure security across all domains.

Related story: How healthcare can close the cloud security gaps that stall adoption

Best practices for cloud-computing risk reduction include conducting regular cybersecurity audits; limiting users’ access to sensitive data, applications, and devices on a role-necessary basis; and conducting frequent readiness tests or mock cybersecurity incidents.

Frank Irving is a Philadelphia-based content writer and communications consultant specializing in healthcare and technology.