Cloud and mobile apps are now firmly entrenched in the daily activity of both consumers and businesses, igniting discussions throughout the business – from IT to the boardroom.
On average, a staggering 917 cloud apps are in use within the enterprise. Yet 94% of these apps are not enterprise ready, lacking both core auditing functions and security certifications.
As a result, many apps are more prone to vulnerabilities and exploits while also seeing service level agreements (SLAs) weakened.
It’s an astonishing number, particularly when considering that the majority of businesses underestimate the quantity of cloud apps used by employees by a factor of ten.
As employees increasingly embrace and rely upon cloud apps to get their jobs done efficiently, this problem will only worsen.
Companies are being left vulnerable to specific and growing cloud-borne threats as cloud and mobile trends continue to take off.
The majority of IT professionals recognise that a large quantity of sensitive corporate data is now stored in, and shared through, the cloud.
Organisations therefore face an increasingly difficult challenge: finding the balance between empowering staff to access and use cloud apps while implementing sufficient protection against data loss.
This is not the only hurdle to clear – a recent survey conducted by Netskope at the 2016 RSA conference found that enterprises are experiencing a growing need for a more unified security strategy, particularly in the wake of a string of high-profile breaches.
This same survey revealed the following top three reasons why IT must take quick action against the growing threat landscape unleashed by cloud technology.
1. Increased risk of insider threats through cloud app usage
To control risks around cloud app usage, businesses need to know what staff are doing with data in the cloud and which apps they are using.
The more employees use unsanctioned cloud apps, the greater the risk of sensitive corporate data being accidentally exposed and falling into the wrong hands.
While 52% of security breaches are due to human error, employees rarely leak data intentionally.
Accidental or not, the consequences of a data breach cannot be taken lightly. Businesses must implement cloud app security strategies to protect against both scenarios.
Employee training is just one way to alleviate the risk of insider threats. Data loss prevention tools are also an effective way to mitigate the risks generated by employees – the most insecure endpoint within an enterprise.
2. Security strategies often underestimate the cloud as a threat vector
The explosion of mobile cannot be ignored. Ericsson predicts that by 2020, we will see 6 billion global mobile users (approximately 70% of the world’s population).
While cloud apps empower today’s workforce with the tools for enhanced productivity and collaboration, companies do need to be acutely aware of the cloud as a growing threat vector.
Sanctioned apps represent less than 5% of an enterprise’s total cloud app footprint, yet recent Netskope research found malware in even the sanctioned apps across 12% of businesses.
Unsanctioned apps often pose an even greater threat as they have yet to be identified, formally assessed and approved by the IT department.
In spite of this, just 37% of respondents at RSA were able to confirm that their organisations have implemented solid policies to address cloud-based threats.
As the threat vector created by cloud apps continues to grow, companies need to ensure that their security strategies are able to handle the risks posed by these apps.
In addition, any security strategy must also safeguard the sensitive data stored within apps and the range of mobile devices in use within the business.
3. Greater exposure to threats through disjointed security policies
The RSA survey revealed that many organisations fail to implement clear, organised policies which detail how users should access the network, cloud and both personal as well as company-issued mobile devices.
Many respondents highlighted that organisational policies often focus on the network alone, creating a severe oversight when it comes to cloud risks and human error.
Clearly, a major disconnect exists between C-level executives and the IT department when it comes to cyber security.
The danger with fragmented policies is that executives often don’t feel responsible for the repercussions of a data breach, leaving enterprises vulnerable to both cyber threats and, in the event of a breach, finger pointing but no real solution.
It is therefore vital that IT sets out a plan to increase budget in order to adapt to the security realities of 2016 and better address today’s threats.
Employees are key to this plan’s success – IT leaders need to carefully select the correct IT staff to take on the role of transparent administrators and guardians of the organisation’s security policies.
Mitigating security risks emanating from a company’s entire cloud app ecosystem cannot be completed in one fell swoop. Organisations can, however, take certain steps to better prepare themselves and their systems against these threats.
Ultimately, visibility is key – companies need better and more granular visibility into the sanctioned and unsanctioned cloud apps in their corporate environment.
Investing time and money into understanding how these apps are being used and how best to secure the data within them will permit staff to continue using cloud technology to work effectively, while simultaneously ensuring company data is not exposed to unnecessary risks from those apps.
Sourced from Jamie Barnett, CMO, Netskope