Cloud Adoption and Risk Report 2019

Key Findings

• 21% of all files in the cloud contain sensitive data, up 17% over the past two years.
• The amount of files with sensitive data shared in the cloud has increased 53% YoY.
• Sharing sensitive data with an open, publicly accessible link has increased by 23% over the past two years.
• 94% of IaaS/PaaS use is in AWS, but 78% of organizations using IaaS/PaaS use both AWS and Azure.
• Enterprise organizations have an average of 14 misconfigured IaaS/PaaS instances running at one time, resulting in an average of 2,269 individual misconfiguration incidents per month.
• 5.5% of AWS S3 buckets have world read permissions, making them open to the public.
• The average organization generates over 3.2 billion events per month in the cloud, of which 3,217 are anomalous, and 31.3 are actual threat events.
• Threat events in the cloud, i.e. compromised account, privileged user, or insider threat have increased 27.7% YoY.
• 80% of all organizations experience at least 1 compromised account threat per month.
• 92% of all organizations have stolen cloud credentials for sale on the Dark Web.
• Threats in Office 365 have grown by 63% in the last two years.
• The average organization uses 1,935 unique cloud services, an increase of 15% from last year. Most organizations think they use about 30.