We released the Netskope Cloud Report for January today. In it, we report the latest numbers for cloud app adoption, with an average of 613 cloud apps per enterprise, as well as a host of other goodies, like top-used apps, activities that constitute a policy violation, and percentage of content-at-rest in sanctioned cloud storage that violates organizations’ data loss prevention profiles like PII and PCI.
Every quarter we drill a little deeper beyond our standard statistics into an area of cloud security, from activities like sharing to mobile cloud usage. This quarter, we highlighted some research that we are conducting around compromised account credentials. We have noticed that a growing number of enterprise cloud users are logging into their cloud apps using login names and passwords that have been stolen as part of a data hack or exposure. Based on our research, we estimate that 15 percent of users have had their account credentials compromised.
One fact that exacerbates this situation is that many people reuse their passwords for multiple accounts. Research suggests that as many as half of all users, and often more, do this. Combine that with the fact that a high number of your enterprise users log into your popular cloud-based apps like Salesforce, Box, Dropbox, Concur, and WebEx. Even if you’re diligent about protecting those apps, the chances are high that one of those users is logging into your business-critical apps with compromised credentials, even if the compromise had nothing to do with those apps or your protection of them.
How can you protect your business-critical apps given this situation? We recommend five things:
It’s nearly impossible to protect your users from having their credentials compromised. But there are some very clear steps you can take to protect your most business-critical apps and the data they house. Learn more about this topic and other cloud usage statistics in the Netskope Cloud Report.