Netskope Report Reveals 4.1 Percent of Enterprises Have Sanctioned Cloud Apps Laced With Malware

Cloud fan-out effect shows attackers use sync and share to propagate threats

Netskope, the leading cloud access security broker, today announced the release of the February 2016 Netskope Cloud Report™ on enterprise cloud app usage and trends. According to the report, the fourth quarter of 2015 saw the highest number of cloud apps in use across all enterprises to date. On average, employees used 917 different cloud apps within a given enterprise organization, a 21 percent increase from the previous report. In addition, the report found that 4.1 percent of enterprises have sanctioned cloud apps laced with malware, such as trojans, viruses and spyware. Considering that unsanctioned apps represent the majority of an enterprise’s total cloud app footprint (at 95 percent), report findings indicate IT may have an even larger scope of cloud app-based malware in enterprises than initially realized.

The report found that many users can unknowingly spread malware through the sync and share mechanisms present in the cloud storage apps they use. As most cloud apps have many connected endpoints which users rely on to sync, share and collaborate on content, it’s unnervingly easy for malware to rapidly spread throughout an organization in a short period of time, creating a dangerous attack fan-out effect.

“Employees are adopting cloud apps at an unprecedented rate, and organizations must prepare for the increasing security risks and challenges associated with the changing workplace,” said Sanjay Beri, co-founder and CEO, Netskope. “Now more than ever, it’s imperative that organizations have complete visibility into and real-time actionable control over their cloud app usage to better monitor and understand trends and vulnerabilities. It’s only with this knowledge that IT can begin to protect against threats lurking in cloud apps, such as malware.”

Additional Findings

• Microsoft Office 365 Eclipses Google In Cloud App Usage: According to the report, Microsoft 365 Outlook.com and Microsoft Office 365 OneDrive for Business took the second and third spots for most used cloud apps, respectively, surpassing Google Gmail and Google Drive for the first time since Netskope began tracking usage data in 2014. This growth had a significant impact on the Office 365 ecosystem, especially integrated apps like RingCentral, Smartsheet and TeamViewer. Each app posted triple-digit growth in the past year.

• Enterprise Cloud Apps Aren’t Ready for European Union General Data Protection Regulation: According to recent research from Netskope, only one in five companies are confident they will comply with the upcoming General Data Protection Regulation (GDPR), a statistic that underscores the uphill battle organizations that do business or have users in Europe face as they prepare for compliance changes. The report found that 12.7 percent of cloud apps don’t support data portability requirements, which infringes on the rights of data subjects, according to the regulation. Additionally, 43.2 percent of cloud apps keep data for longer than one week upon termination of service, going against the GDPR requirement that personal data must be deleted immediately once the purpose of use is no longer in place. These two stats alone point to the significant work ahead for enterprises, as well as for the cloud app vendors that serve them.

Breakdown of Cloud Apps By Industry

The report found that of the average 917 cloud apps in use per enterprise, 91 percent of these apps are not enterprise-ready and lack key functionalities such as security, audit and certification, service-level agreement, legal, privacy, financial viability and vulnerability remediation. Within specific verticals, technology and IT services lead in number of cloud apps in use, averaging 932 apps per enterprise. Healthcare and life sciences had the second-highest total, with 927 cloud apps.

Average Cloud Apps Per Enterprise by App Category

Among the top categories in terms of number of cloud apps per enterprise, including those that are not enterprise-ready, marketing had the highest total. While some marketing apps do not hold sensitive data, many contain personally identifiable information about users, their web usage and their buying preferences.

Netskope Resources

• Download the Netskope Cloud Report
• Visit Netskope at RSA Conference booth #S1645 for a product demo
• Learn more about how to gain visibility into enterprise cloud apps and how to ensure they are secure and compliant
• Visit the Netskope Hub for the latest commentary and insight on trends from the Netskope team

About the Netskope Cloud Report

Based on aggregated, anonymized data from the Netskope Active Platform, which provides discovery, surgical visibility and control over any cloud app, the report’s findings are based on millions of users in hundreds of accounts in the global Netskope Active Platform from October 1 through December 31, 2015.

About Netskope

Netskope™, the leading cloud access security broker (CASB), helps enterprises find, understand and secure sanctioned and unsanctioned cloud apps. Through contextual awareness and a multi-mode architecture, Netskope sees the cloud differently. This results in the deepest visibility and control, the most advanced threat protection and data loss prevention and an unmatched breadth of security policies and workflows. The world’s largest companies choose Netskope, the only CASB that ensures compliant use of cloud apps in real-time, whether accessed on the corporate network, remotely or from a mobile device. With Netskope, enterprises move fast, with confidence. To learn more, visit our website.