Sanctioned Cloud Apps Laced with Malware

By   ISBuzz Team
Writer , Information Security Buzz | Mar 07, 2016 10:00 pm PST

Cloud fan-out effect shows attackers use sync and share to propagate threats

Netskope, the leading cloud access security broker, today announced the release of the February 2016 Netskope Cloud Report™ on enterprise cloud app usage and trends. According to the report, the fourth quarter of 2015 saw the highest number of cloud apps in use in all enterprises to date. On average, employees used 769 different cloud apps within a given enterprise organisation, a 26.5 per cent increase from the previous report. In addition, the report found that 4.1 per cent of enterprises have sanctioned cloud apps laced with malware, such as worms and trojans. Considering that unsanctioned apps represent the majority of an enterprise’s total cloud app footprint (at 95 per cent), report findings indicate IT may have an even larger scope of cloud app-based malware in enterprises than initially realised.

The report found that many users can unknowingly spread malware through sync and share mechanisms in the cloud storage apps they use. As these cloud apps have many connected endpoints which users rely on to sync, share and collaborate on content, malware rapidly spreads throughout an organisation in a short period of time, creating a dangerous attack fan-out effect.

“Employees are adopting cloud apps at an unprecedented rate, and organisations must prepare for the increasing security risks and challenges associated with the changing workplace,” said Sanjay Beri, co-founder and CEO, Netskope. “Now more than ever, it’s imperative that organisations have complete visibility into and real-time actionable control over their cloud app usage to better monitor and understand trends and vulnerabilities. It’s only with this knowledge that IT can begin to protect against threats lurking in cloud apps, such as malware.”

Additional Findings

  • Microsoft Office 365 eclipses Google in cloud app usage

According to the report, Microsoft 365 and Microsoft Office 365 OneDrive for Business took the second and third spots for most used cloud apps, respectively, surpassing Google Gmail and Google Drive for the first time since Netskope began tracking usage data in 2014. This growth had a significant impact on the Office 365 ecosystem, especially integrated apps like RingCentral, Smartsheet and TeamViewer. Each app posted triple-digit growth in the past year.

  • Enterprise cloud apps aren’t ready for European Union General Data Protection Regulation

According to recent research from Netskope, only one in five companies are confident they will comply with the upcoming General Data Protection Regulation (GDPR), a statistic that underscores the uphill battle organisations that do business, or have users, in Europe face as they prepare for the compliance changes. The report found that 12.7 per cent of cloud apps don’t support data portability requirements, which infringes on the rights of data subjects according to the regulation. Additionally, 43.2 per cent of cloud apps keep data for longer than one week upon termination of service, going against the GDPR requirement that personal data must be deleted as soon as the purpose of use is no longer in place. These two statistics alone point to significant work ahead for enterprises, as well as the cloud app vendors that serve them.

Breakdown of cloud apps by industry

The report found that of the average 769 cloud apps in use per enterprise, 88 per cent of these apps are not enterprise-ready and lack key functionalities such as security, audit and certification, service-level agreement, legal, privacy, financial viability and vulnerability remediation. Within specific verticals, technology and IT services lead in number of cloud apps in use, averaging 794 apps per enterprise. Healthcare and life sciences had the second-highest total, with 773 cloud apps.

Image 1

Average cloud apps per enterprise by app category

Among the top categories in terms of number of cloud apps per enterprise, including those that are not enterprise-ready, marketing had the highest total. While some marketing apps do not hold sensitive data, many do contain personally identifiable information about users, their web usage and their buying preferences.

Image 2

[su_box title=”About Netskope Cloud Report” style=”noise” box_color=”#336588″]Based on aggregated, anonymised data from the Netskope Active Platform, which provides discovery, surgical visibility and control over any cloud app, the report’s findings are based on millions of users in hundreds of accounts in the global Netskope Active Platform from 1 October through 31 December 2015.[/su_box]

[su_box title=”About Netskope” style=”noise” box_color=”#336588″]NetskopeNetskope™, the leading cloud access security broker (CASB), helps enterprises find, understand and secure sanctioned and unsanctioned cloud apps. Through contextual awareness and a multi-mode architecture, Netskope sees the cloud differently. This results in the deepest visibility and control, the most advanced threat protection and data loss prevention and an unmatched breadth of security policies and workflows. The world’s largest companies choose Netskope, the only CASB that ensures compliant use of cloud apps in real-time, whether accessed on the corporate network, remotely or from a mobile device. With Netskope, enterprises move fast, with confidence.[/su_box]

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x