Corporate use of cloud apps spikes risk of breaches
By Rodika Tollefson, ThirdCertainty
Employees at large organizations, many of them using BYOD computing devices, are tapping into an astounding number of cloud apps. And the vast majority of those cloud apps leave companies wide open to a data breach.
That revelation comes from cloud apps analytics company Netskope in a report issued Wednesday that looks at patterns of cloud apps usage at Netskope’s large enterprise customers.
Between July 1 and September 30, Netskope found big companies using an average of 579 cloud apps—up 14 percent from an average 508 cloud apps they were using between April 1 and June 30.
What’s more, 88.7 percent of cloud apps were deemed “not enterprise ready,” scoring a medium or lower on Netskope’s Cloud Confidence Index.
Infographic: The bottom line cost of cloud apps exposure
Netskope’s index takes into account strong authentication and physical security, as well as factors such a vulnerability history and even the legal terms of service, or TOS. If an app is secure by other measures but the TOS says the data belongs to the service provider, not the user, that creates a concern.
Another red flag: Netskope found that nearly half of cloud activity occurring in large organizations is taking place on mobile devices.
“Mobility and cloud go together hand in hand. You can launch an app on your device and in one click, you can be sharing data with thousands of people,” says Netskope founder and CEO Sanjay Beri. “That’s good news and bad news … bad because the average enterprise has no idea that’s happening.”
According to Netskope’s report, more than half of cloud “send” and “approve” activities occur on mobile devices, as well as nearly half of all the viewing, login, posting and downloading activities.
“Many think of mobile devices as ‘read’ devices but the reality is, that’s not what people are doing. They’re sharing content and performing activities like approving, signing and so on,” Beri says.
Storage and social apps—which Netskope defines to include social networks like Facebook and LinkedIn—represent nearly half of all the cloud app use. At the same time, the report says that the vast majority of apps in those categories weren’t enterprise ready.
Mobile devices accounted for one third of data leakage—not surprising, considering the growth in the mobile and BYOD trend. That data loss could cost companies millions of dollars.
A separate study by the Ponemon Institute, commissioned by Netskope and released earlier this year, found that cloud data breach costs a company an average of $201.18 per lost or stolen customer record.
One of the major implications for the IT sector, according to Beri, is that enterprises can no longer spend most of their dollars on securing traffic that sits on the corporate network.
“When you deploy a solution to give you visibility and security of cloud applications, you have to make sure that solution doesn’t just work on premises but also covers mobile users who never touch the corporate (networks),” he says. “You need to think mobile first.”
Beri emphasized that many apps can become enterprise ready with the right layer of security and vice-versa. But even if an app is considered enterprise ready, he cautions that deployment without a strategy can still lead to putting sensitive data at risk.
More on emerging threats