On September 12th, cybersecurity giant Fortinet suffered a data breach where hackers stole 440GB of files from its Microsoft SharePoint server in Azure.

‍This incident adds Fortinet to a growing list of large enterprises that have fallen victim to cyberattacks in recent months. While cloud storage drives offer incredible benefits for productivity and collaboration, this breach highlights the potential dangers they pose if not properly secured. Businesses are increasingly relying on cloud-based solutions, but with that comes a need to rethink data security strategies.

Cloud-based SaaS tools for file storage like Microsoft OneDrive, Google Drive, and Box have revolutionised the way organisations collaborate. Teams can easily access, share, and work on files in real-time, regardless of location. For remote and hybrid work environments, cloud storage is invaluable. But the same ease of access that drives productivity can also open the door to significant security risks.

The Fortinet breach serves as a cautionary tale, emphasising the need for organisations to understand what data is stored in their cloud environments and how it's being accessed. When cloud drives are left unchecked, they can become a weak point in a company’s data security framework. Unauthorised access, misconfigured permissions, and lack of oversight can quickly lead to a data breach that can have devastating consequences.

Advantages of Cloud Storage

Collaborative cloud storage platforms offer several key advantages for modern businesses:

1. Enhanced Collaboration: Employees can easily share and access files in real-time, streamlining workflows and fostering team collaboration across locations.
2. Scalability: Cloud storage solutions allow businesses to scale as their data needs grow without the hassle of maintaining physical storage infrastructure.
3. Cost-Efficiency: Cloud services reduce the need for expensive on-site storage hardware and offer flexible pricing based on usage.

Despite these benefits, businesses must remain vigilant about how they secure their cloud environments.

The Dangers of Cloud Storage Drives

While the convenience of cloud storage is undeniable, it comes with inherent risks:

1. Unauthorised Access: Without proper access controls, sensitive data stored in the cloud can be exposed to employees or external parties who should not have access.
2. Misconfigurations: Misconfigured settings in cloud storage environments are a common cause of data breaches, as they can unintentionally make sensitive data publicly accessible.
3. Insider Threats: Employees who have legitimate access to cloud storage can become an insider threat, whether due to negligence or malicious intent.

In 2023, Metomic performed an analysis on approximately 6.5 million Google Drive files. We found that 40.2% contained sensitive data that could put an organisation at risk of a data breach or cybersecurity attack. We also found that documents that had been shared externally often contained confidential information, with 18,000 files flagged as having “highly sensitive” data, like PII. These findings put a spotlight on the amount of vulnerable data living in Google Drives around the world, underscoring just how critical it is that businesses know what data is being stored, where it is stored, and who has access to it. The best way to prevent a data breach is to protect your business’ vulnerable data so that it does not end up in the wrong hands.

The Fortinet breach is just one example of how even top-tier companies can be vulnerable if they lack the right safeguards. For businesses looking to prevent such incidents, implementing a robust Data Loss Prevention (DLP) strategy is crucial.

Three Recommendations for Securing Your Cloud Storage with DLP

At Metomic, we specialise in helping businesses secure their cloud environments with advanced DLP solutions. Based on our experience, here are three recommendations for companies looking to safeguard their cloud storage:

1. Implement Strong Access Controls
   One of the most effective ways to secure cloud storage is to implement stringent access controls. Ensure that only authorised personnel have access to sensitive files, and regularly audit permissions to confirm they are up to date. Utilise role-based access control (RBAC) to limit access based on an employee’s role within the organisation. Additionally, enabling multi-factor authentication (MFA) adds an extra layer of protection, making it more difficult for unauthorised users to gain access, even if credentials are compromised.
2. Monitor Data Usage with DLP Tools
   Modern DLP solutions, like Metomic, can help monitor how data is being accessed, shared, and used across cloud storage platforms. These tools provide visibility into data flows and detect suspicious activities, such as large file downloads, unusual sharing patterns, or access from untrusted devices. By utilising DLP tools, businesses can detect potential threats early and take swift action to mitigate risks. This kind of real-time monitoring is essential for preventing data leaks before they escalate into full-blown breaches.
3. Educate Employees on Cloud Security Best Practices
   Human error is one of the leading causes of data breaches. Regular training on cloud security best practices can reduce the likelihood of accidental data exposure. Employees should be aware of how to securely share files, recognise phishing attempts, and understand the importance of using secure networks when accessing cloud storage. By fostering a security-first mindset within your organisation, you can significantly reduce the risks associated with cloud storage.

The Fortinet breach is a stark reminder that no business, regardless of size or reputation, is immune to the dangers of cloud-based data storage. While cloud platforms offer undeniable benefits in terms of productivity and scalability, they must be carefully managed to prevent unauthorised access and data loss. By implementing strong access controls, leveraging DLP tools for monitoring, and educating employees on best practices, businesses can enjoy the advantages of cloud storage while minimising their security risks.

At Metomic, we’re committed to helping organisations secure their sensitive data across SaaS and cloud environments. As businesses continue to move more operations to the cloud, the need for comprehensive DLP strategies has never been greater. 

Get in touch to learn more about how Metomic can help protect sensitive data in your business.