Ermetic: 4 in 5 Companies Experienced a Cloud Data Breach in the Past 18 Months

Ermetic: 4 in 5 Companies Experienced a Cloud Data Breach in the Past 18 Months

According to research released today by Ermetic, nearly 80 percent of companies have experienced a cloud data breach in the past 18 months. This information comes from the IDC Cloud Security Survey Highlights, a report released by Ermetic based on a IDC-conducted survey that interview 300 CISOs at organizations of various sizes and across industries. The report shows how cloud data breaches are causing major problems for enterprises, highlighting the need to be prepared to deal with them.

Our MSP Buyer’s Guide contains profiles on the top cloud managed service providers for AWS, Azure, and Google Cloud, as well as questions you should ask vendors and yourself before buying. We also offer an MSP Vendor Map that outlines those vendors in a Venn diagram to make it easy for you to select potential providers.

Ermetic’s survey revealed just how many enterprises are dealing with cloud data breaches. The researchers found that in the past 18 months, almost 80 percent of companies experienced a data breach through their cloud environments. While companies of all sizes reported data breaches, the biggest group hit where those with between 2,500 and 4,999 employees. Of those companies, 89 percent stated they had a cloud data breach.

Perhaps more alarming is just how many cloud data breaches a single company suffers from. Of the respondents that stated their company had a cloud data breach, around 90 percent, suffered more than two data breaches. Shockingly, 43 percent responded that they had dealt with 10 or more breaches in the cloud. Ermetic blamed most of the cloud data breaches on security professionals granting excessive permissions, opening up the floodgates for hackers or unwanted actors from accessing your cloud data.

In the company’s official press release on the survey, Ermetic’s CEO Shai Morag stated: “Even though most of the companies surveyed are already using IAM, data loss prevention, data classification and privileged account management products, more than half claimed these were not adequate for protecting cloud environments. In fact, two thirds cited cloud native capabilities for authorization and permission management, and security configuration as either a high or an essential priority. Driven by the dynamic and on-demand nature of public cloud infrastructure deployments, users and applications often accumulate access permissions beyond what is necessary for their legitimate needs.”

Learn more about Ermetic’s study here.


Daniel Hein

Dan is a tech writer who writes about Enterprise Cloud Strategy and Network Monitoring for Solutions Review. He graduated from Fitchburg State University with a Bachelor's in Professional Writing. You can reach him at dhein@solutionsreview.com
Daniel Hein