One in three cloud services was susceptible to Heartbleed, research shows
One third of cloud services was vulnerable to the debilitating Heartbleed virus, it has been revealed.
The findings were posted in a research paper from cloud security provider Skyhigh Networks’ Cloud Adoption & Risk report, and found that 1,173 cloud services from the 3,571 in use had left data exposed by Heartbleed when the bug first broke.
Skyhigh reports that the number of vulnerable services was less than 1% a week later following cloud providers stepping in to address the breach. However there was still plenty of scaremongering in the report, with only 7% of services rated with enterprise-grade security. 16% provided multi-factor authentication, whilst only 11% encrypt data at rest. Interestingly, the number of enterprise-ready services went down from last quarter’s 11%.
Despite this, the use of cloud services is growing at a rapid rate. The current number of 3,571 is significantly up on 2,675, representing a 33% growth. But the researchers note how this could be a hindrance rather than a help; on average companies use 91 collaboration services and 24 file sharing services. 437 collaboration and 178 file sharing services were clocked overall.
Of the top 10 file sharing services, only one – Box – was considered to have enterprise-grade security. Box was the fourth most popular storage tool, behind Dropbox, Google Drive and OneDrive – all considered medium risk.
It was better news for Microsoft in terms of collaboration services, with Office 365 joining only Cisco WebEx as being considered enterprise-proof. Gmail and Google Docs were both considered medium risk.
Overall collaboration, social media and file sharing comprised the top three service categories. Facebook was the most popular service, followed by Amazon Web Services and Twitter. YouTube and Salesforce completed the top five.
The anonymous data was taken from over 8.3 million users in more than 250 companies, and again puts a seed of doubt into the security of the cloud, especially given the genuine fear prompted by Heartbleed.
The full report can be found here. What do you make of it?
- » What is cyber insurance truly worth? Analysing the risks and responses
- » Cloud complexity and ‘terrifying’ IoT means organisations’ asset visibility is worsening – report
- » Five key takeaways from RSA Conference 2020: Cloud SIEM, Zero Trust, API-based security, and more
- » Realising the impact of unsecured container deployments: A guide
- » A day in the trenches with IT operations: How to create a more seamless practice