27 Percent of Cloud Apps Present Significant Risks to the Enterprise

According to CloudLock’s Q2 2016 Cloud Cybersecurity Report, entitled The Explosion of Apps: 27% Are Risky, 27 percent of third-party cloud apps are classified as high risk, potentially giving cybercriminals access to corporate platforms impersonating end user. Fifty-eight percent are classified as medium risk.

The report, based on an analysis of 10 million users, 1 billion files and almost 160,000 unique applications, states that the two years from 2014 to 2016 have seen an almost 30x increase in third-party cloud apps, from 5,500 to almost 160,000.

“The shift to the cloud creates a new, virtual security perimeter that includes third-party apps granted access to corporate systems,” CloudLock director of customer insights and analytics Ayse Kaya-Firat said in a statement. “Today, most employees leverage a wide variety of apps to get their jobs done efficiently, unwittingly exposing corporate data and systems to malware and the possibility of data theft.”

The number of third-party app installations has increased by 19 percent in the last three months alone — the average organization’s users connect 733 third-party apps to the corporate environment. In 2014, that number was 130.

More than half of third-party apps are banned due to security concerns, according to the report. The top 10 banned apps are Airbnb, CodeCombat, Free Rider HD, Madden NFL Mobile, Pinterest, Power Tools, SoundCloud, Sunrise Calendar, WhatsApp Messenger, and Zoho Accounts. The top 10 trusted apps are Asana, Hubspot, LinkedIn, Lucidchart, Quizlet, Slack, Smartsheet, Turnitin, Zendesk and Zoom.

Separately, a Bitglass survey of more than 2,200 cyber security professionals found that only 42 percent of respondents have policies in place to restrict the use of unsanctioned apps. Thirty-six percent allow the use of unsanctioned apps, and 13 percent have no policy.

The survey also found that 52 percent of respondents believe cloud apps can be as secure or more secure than premise-based apps, a significant jump from 40 percent of respondents a year ago. Almost 60 percent believe legacy security infrastructure is made obsolete by the use of cloud applications.

Over 50 percent of respondents believe unauthorized access is a top threat to cloud security, and 34 percent see external sharing of sensitive information as as a top threat.

The June 2016 Netskope Cloud Report found that 11 percent of enterprises have sanctioned apps infected with malware — a significant jump from 4.1 percent in the previous report.

The malware detected in those apps included JavaScript exploits and droppers (63.3 percent), Microsoft Office macros (21.3 percent), backdoors (4.9 percent), mobile malware (4.3 percent) and spyware (3.2 percent).

Almost three quarters of the malware detections were categorized as severe, and 26 percent of the malware was detected in files that had been shared with others.

Seventy-five percent of more than 22,000 apps studied fail to comply with the data privacy requirements of the European Union’s General Data Protection Regulation (GDPR).

“The shift to the cloud presents an increasing complexity and volume of security challenges for enterprises, including regulations like the EU GDPR,” Netskope founder and CEO Sanjay Beri said in a statement.

A recent eSecurity Planet article listed 6 questions to ask yourself about your cloud security.

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Top Cybersecurity Companies

Related articles