The average enterprise has nearly 1000 cloud services in use by employees — a number that continues to rise as companies lean into services that help them work and collaborate faster. But what’s been a boon for productivity has been a blight for security: The sync and share functionalities built-in to cloud services can greatly enhance the spread of cloud threats like malware and ransomware. While collaboration has never been easier, it’s also never been easier for malware to spread swiftly, right under the watch of IT and security teams. As the cloud continues to grow and usage of cloud services become more commonplace, here are three trends shaping the security landscape that organizations should consider as they build their cloud security plans for 2017:
More cloud usage with the same legacy security solutions, more problems: It’s not just cloud usage that is increasing; the number of threat vectors in 2017 is bound to increase as well. According to a recent Ponemon Institute study, almost 90 percent of businesses believe an increase of cloud usage will increase the probability of a data breach in the next year. IT will need a single point for visibility and real-time control of cloud services from all categories (not just cloud storage). This includes all services that enable file-sharing, from collaboration to CRM to HR. As cyber criminals continue to develop complex methods to infiltrate organizations, corporate leaders will develop a clearer understanding of how to adapt and adopt more proactive deterrence strategies. It is not that the cloud is the problem, it is the fact that most organizations have not implemented security controls and governance for the cloud in most organizations. That will change in 2017.
Vulnerabilities in Plain Sight: Because most organizations have not inspected their cloud services for ransomware, 2017 will be a banner year for ransomware in the cloud. Malware is hiding in plain sight as SSL traffic passes through to the corporate network uninspected (which is a huge issue in general for enterprises). Furthermore, direct-to-cloud access (i.e., without going over the corporate internet) from remote users and mobile devices accounts for nearly half of all cloud transactions, and most enterprises ignore this traffic (another huge issue), putting the organization at significant risk.
The People Problem: Every day, unwitting employees accidentally upload sensitive information to unsanctioned or compromised cloud services, exposing information to the wrong eyes. According to recent Netskope research, nearly half of companies who experienced a data breach in the last year say it was the user who exposed data intentionally or accidentally from a cloud service. In 2017, more organizations will need to address their “people problem,” including the fact that many cloud service-based insider threats are mostly unintentional. IT teams will put more effort into cloud services education, so employees are armed with the right information, and they’ll employ more advanced policies that limit or allow specific behaviors within cloud services instead of a broader “block” or “allow” policy on a specific cloud service.