One in three cloud services was susceptible to Heartbleed, research shows
One third of cloud services was vulnerable to the debilitating Heartbleed virus, it has been revealed.
The findings were posted in a research paper from cloud security provider Skyhigh Networks’ Cloud Adoption & Risk report, and found that 1,173 cloud services from the 3,571 in use had left data exposed by Heartbleed when the bug first broke.
Skyhigh reports that the number of vulnerable services was less than 1% a week later following cloud providers stepping in to address the breach. However there was still plenty of scaremongering in the report, with only 7% of services rated with enterprise-grade security. 16% provided multi-factor authentication, whilst only 11% encrypt data at rest. Interestingly, the number of enterprise-ready services went down from last quarter’s 11%.
Despite this, the use of cloud services is growing at a rapid rate. The current number of 3,571 is significantly up on 2,675, representing a 33% growth. But the researchers note how this could be a hindrance rather than a help; on average companies use 91 collaboration services and 24 file sharing services. 437 collaboration and 178 file sharing services were clocked overall.
Of the top 10 file sharing services, only one – Box – was considered to have enterprise-grade security. Box was the fourth most popular storage tool, behind Dropbox, Google Drive and OneDrive – all considered medium risk.
It was better news for Microsoft in terms of collaboration services, with Office 365 joining only Cisco WebEx as being considered enterprise-proof. Gmail and Google Docs were both considered medium risk.
Overall collaboration, social media and file sharing comprised the top three service categories. Facebook was the most popular service, followed by Amazon Web Services and Twitter. YouTube and Salesforce completed the top five.
The anonymous data was taken from over 8.3 million users in more than 250 companies, and again puts a seed of doubt into the security of the cloud, especially given the genuine fear prompted by Heartbleed.
The full report can be found here. What do you make of it?
- » Why IT security solutions spending will reach $133.8 billion
- » Facebook records exposed on AWS cloud server lead to more navel-gazing over shared responsibility
- » Financial services moving to hybrid cloud – but rearchitecting legacy systems remains a challenge
- » Five ways to demystify Zero Trust security – and the vendors who are pushing it
- » Bitglass secures $70m series D funding to further enhance CASB space