Corporate use of cloud apps spikes risk of breaches

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

By Rodi­ka Tollef­son, ThirdCertainty

Employ­ees at large orga­ni­za­tions, many of them using BYOD com­put­ing devices, are tap­ping into an astound­ing num­ber of cloud apps. And the vast major­i­ty of those cloud apps leave com­pa­nies wide open to a data breach.

That rev­e­la­tion comes from cloud apps ana­lyt­ics com­pa­ny Net­skope in a report issued Wednes­day that looks at pat­terns of cloud apps usage at Netskope’s large enter­prise customers.

Between July 1 and Sep­tem­ber 30, Net­skope found big com­pa­nies using an aver­age of 579 cloud apps—up 14 per­cent from an aver­age 508 cloud apps they were using between April 1 and June 30.

What’s more, 88.7 per­cent of cloud apps were deemed “not enter­prise ready,” scor­ing a medi­um or low­er on Netskope’s Cloud Con­fi­dence Index.

Info­graph­ic: The bot­tom line cost of cloud apps exposure

Netskope’s index takes into account strong authen­ti­ca­tion and phys­i­cal secu­ri­ty, as well as fac­tors such a vul­ner­a­bil­i­ty his­to­ry and even the legal terms of ser­vice, or TOS. If an app is secure by oth­er mea­sures but the TOS says the data belongs to the ser­vice provider, not the user, that cre­ates a concern.

Anoth­er red flag: Net­skope found that near­ly half of cloud activ­i­ty occur­ring in large orga­ni­za­tions is tak­ing place on mobile devices.

Mobil­i­ty and cloud go togeth­er hand in hand. You can launch an app on your device and in one click, you can be shar­ing data with thou­sands of peo­ple,” says Net­skope founder and CEO San­jay Beri. “That’s good news and bad news … bad because the aver­age enter­prise has no idea that’s happening.”

Unchecked shar­ing

Accord­ing to Netskope’s report, more than half of cloud “send” and “approve” activ­i­ties occur on mobile devices, as well as near­ly half of all the view­ing, login, post­ing and down­load­ing activities.

Sanjay Beri
San­jay Beri

Many think of mobile devices as ‘read’ devices but the real­i­ty is, that’s not what peo­ple are doing. They’re shar­ing con­tent and per­form­ing activ­i­ties like approv­ing, sign­ing and so on,” Beri says.

Stor­age and social apps—which Net­skope defines to include social net­works like Face­book and LinkedIn—represent near­ly half of all the cloud app use. At the same time, the report says that the vast major­i­ty of apps in those cat­e­gories weren’t enter­prise ready.

Mobile devices account­ed for one third of data leakage—not sur­pris­ing, con­sid­er­ing the growth in the mobile and BYOD trend. That data loss could cost com­pa­nies mil­lions of dollars.

Cost­ly leaks

A sep­a­rate study by the Ponemon Insti­tute, com­mis­sioned by Net­skope and released ear­li­er this year, found that cloud data breach costs a com­pa­ny an aver­age of $201.18 per lost or stolen cus­tomer record.

One of the major impli­ca­tions for the IT sec­tor, accord­ing to Beri, is that enter­pris­es can no longer spend most of their dol­lars on secur­ing traf­fic that sits on the cor­po­rate network.

When you deploy a solu­tion to give you vis­i­bil­i­ty and secu­ri­ty of cloud appli­ca­tions, you have to make sure that solu­tion doesn’t just work on premis­es but also cov­ers mobile users who nev­er touch the cor­po­rate (net­works),” he says. “You need to think mobile first.”

Beri empha­sized that many apps can become enter­prise ready with the right lay­er of secu­ri­ty and vice-ver­sa. But even if an app is con­sid­ered enter­prise ready, he cau­tions that deploy­ment with­out a strat­e­gy can still lead to putting sen­si­tive data at risk.

More on emerg­ing threats

Shell­shock bug expos­es web servers, home routers

Insid­ers pose risk of theft, fines, sabotage

Why deb­it cards are riski­er than cred­it cards

Posted in Data Breach, Data Security, News & Analysis