Cloud fan-out effect shows attackers use sync and share to propagate threats
Netskope, the leading cloud access security broker, today announced the release of the February 2016 Netskope Cloud Report™ on enterprise cloud app usage and trends. According to the report, the fourth quarter of 2015 saw the highest number of cloud apps in use across all enterprises to date. On average, employees used 917 different cloud apps within a given enterprise organization, a 21 percent increase from the previous report. In addition, the report found that 4.1 percent of enterprises have sanctioned cloud apps laced with malware, such as trojans, viruses and spyware. Considering that unsanctioned apps represent the majority of an enterprise’s total cloud app footprint (at 95 percent), report findings indicate IT may have an even larger scope of cloud app-based malware in enterprises than initially realized.
The report found that many users can unknowingly spread malware through the sync and share mechanisms present in the cloud storage apps they use. As most cloud apps have many connected endpoints which users rely on to sync, share and collaborate on content, it’s unnervingly easy for malware to rapidly spread throughout an organization in a short period of time, creating a dangerous attack fan-out effect.
“Employees are adopting cloud apps at an unprecedented rate, and organizations must prepare for the increasing security risks and challenges associated with the changing workplace,” said Sanjay Beri, co-founder and CEO, Netskope. “Now more than ever, it’s imperative that organizations have complete visibility into and real-time actionable control over their cloud app usage to better monitor and understand trends and vulnerabilities. It’s only with this knowledge that IT can begin to protect against threats lurking in cloud apps, such as malware.”
Breakdown of Cloud Apps By Industry
The report found that of the average 917 cloud apps in use per enterprise, 91 percent of these apps are not enterprise-ready and lack key functionalities such as security, audit and certification, service-level agreement, legal, privacy, financial viability and vulnerability remediation. Within specific verticals, technology and IT services lead in number of cloud apps in use, averaging 932 apps per enterprise. Healthcare and life sciences had the second-highest total, with 927 cloud apps.
|Industry Group||Number of Cloud Apps Per Enterprise|
|Technology and IT Services||932|
|Healthcare and Life Sciences||927|
|Retail, Restaurants and Hospitality||871|
|Financial Services, Banking and Insurance||826|
Average Cloud Apps Per Enterprise by App Category
Among the top categories in terms of number of cloud apps per enterprise, including those that are not enterprise-ready, marketing had the highest total. While some marketing apps do not hold sensitive data, many contain personally identifiable information about users, their web usage and their buying preferences.
|Category||Average # of Apps Per Enterprise||Percentage of Apps Not Enterprise-Ready|
|CRM and SFA||22||96%|
About the Netskope Cloud Report
Based on aggregated, anonymized data from the Netskope Active Platform, which provides discovery, surgical visibility and control over any cloud app, the report’s findings are based on millions of users in hundreds of accounts in the global Netskope Active Platform from October 1 through December 31, 2015.
Netskope™, the leading cloud access security broker (CASB), helps enterprises find, understand and secure sanctioned and unsanctioned cloud apps. Through contextual awareness and a multi-mode architecture, Netskope sees the cloud differently. This results in the deepest visibility and control, the most advanced threat protection and data loss prevention and an unmatched breadth of security policies and workflows. The world’s largest companies choose Netskope, the only CASB that ensures compliant use of cloud apps in real-time, whether accessed on the corporate network, remotely or from a mobile device. With Netskope, enterprises move fast, with confidence. To learn more, visit our website.