When folks think of data leakage in the enterprise, they think of big breaches such as those at Target and Anthem. However, lots of data is leaked through risky employee behavior with cloud applications.
That comes out clearly in a recent report from cloud security startup Netskope, which found that nearly 18 percent of files contained in enterprise-approved cloud apps violate at least one data loss prevention (DLP) policy. One in five of the files in violation of DLP policies are exposed publicly, meaning they were shared with at least one person outside the organization's domain and remain exposed at the time of the study. (Though not mentioned in the report, it's a safe bet that DLP violations are much higher in non-sanctioned apps.)
A whopping 90 percent of the DLP violations occurred in cloud storage apps. Many involve confidential intellectual property or customer or regulated data, said Sanjay Beri, Netskope's CEO and founder.
The numbers were a surprise, Beri said.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"We expected both of these numbers to be lower, especially as IT and users become educated about cloud risks," he said. "This happens because users who are uploading files to cloud storage apps are just trying to get their jobs done as quickly and efficiently as possible, so they aren’t necessarily thinking about the security implications of uploading content and sharing it with internal and external collaborators."
Beri advised IT organizations to take a two-pronged approach to the problem: focus on discovering sensitive content in apps and restric external sharing, and also detect DLP violations as content is being uploaded to the cloud and take action such as sending the user an automated coaching message, encrypting the content on-the-fly or blocking the upload. (Not coincidentally, Netskope's software can do just that.)
"Regardless of the action, it’s always a good idea to alert users about the violation and the action that was taken," Beri said.
Cloud App Consolidation
The report also seemed to indicate a growing interest in consolidating cloud applications. It found the average number of apps used by enterprises has declined for the first time, from 730 in Netskope's last report to 715 in its latest report.
Beri said three forces are leading IT organizations to pursue cloud consolidation. First, he said, "Organizations are getting savvier about shadow IT and are being proactive by offering a secure, vetted alternative that they can manage and monitor."
IT is also sometimes being asked to reduce spend on third-party tools, even if those tools are procured by users and lines-of-business. Noting that the report found there are 33 cloud storage, 44 collaboration, and 37 HR apps per enterprise, Beri said, "While many of those apps are justifiable by the business, there are always opportunities to consolidate to save cost."
Finally, some IT organizations find that sanctioning an app facilitates collaboration across the company and its partners. "A sanctioned app like Box may have as many as two dozen ecosystem apps integrated with it that facilitate workflows like contract, routing, approvals and e-signatures in the legal industry or HIPAA-compliant medical image collaboration in the healthcare industry," he said. "These multi-app solutions are most useful when the organization has standardized on a sanctioned 'anchor tenant' app."
Some Netskope customers use the company's product to further application consolidation efforts, Beri said. For example, a 10,000-employee national insurance company used Netskope to understand and drive usage to corporate-sanctioned cloud storage, collaboration and email apps.
"By using Netskope as a visibility and coaching tool, the company has increased usage by more than 50 percent within the sanctioned apps in the span of about six months, and simultaneously cut usage in alternative, unsanctioned apps by more than half during that same time period," he said.
A few other interesting data points from the report, which was based on aggregated, anonymized data from hundreds of accounts using the Netskope Active Platform, which provides discovery, visibility and control over cloud apps:
- Netskope rated an alarming 92 percent of the apps in its Cloud Confidence Index as not enterprise ready. According to Netskope, this means "they lack the security, audit and certification, service-level agreement (SLA), legal and vulnerability capabilities required for safe cloud enablement."
- The five cloud application categories with the highest volume of policy violations are cloud storage, Webmail, finance/accounting, social, and CRM and SFA (salesforce automation).
- The top activities that constituted a policy violation, from highest to lowest in occurrence, are login, download, send, view and upload.
- The largest number of DLP violations involved data with personally identifiable information (PII), which accounted for 27 percent of DLP violations, followed by PCI (payment card information) data at 24 percent, confidential or secret documents (17 percent), source code (16 percent) and personal health information (12 percent).
Ann All is the editor of Enterprise Apps Today and eSecurity Planet. She has covered business and technology for more than a decade, writing about everything from business intelligence to virtualization.