In our recent report, we focused on cloud cybersecurity trends and considerations in light of the extended perimeter. This was examined in terms of three structural components: data, apps, and users. The most fascinating aspects are the growth, the sensitivity of the data, and the risks associated with third-party cloud apps.
When examining cloud growth from 2014 to 2015, the data is striking. In fact, we’ve seen a 10x increase in the number of files stored in public cloud applications. We have also found a 4x increase in the amount of external collaboration via public cloud applications. Additionally, the number of unique third-party cloud applications connected to corporate systems per organization has grown 4x.
Cloud Cybersecurity Risk
This growth highlights concerns over the amount of potential risk introduced by cloud applications. For instance, on average, organization have 100,000 files that represent cybersecurity risk, with a total of 4,000 files per organization that contain corporate credentials such as passwords. Further, 1 in 4 employees violate corporate security policies in public cloud applications.
Third Party Cloud Apps
In focusing at the riskiest third-party apps – those that are enabled by your employees through their corporate credentials, thereby gaining access to core corporate cloud applications – the picture becomes even more clear.
We have discovered over 77,000 unique third-party applications. Depending on their access scopes, these applications are enabled by employees to introduce considerable cloud cybersecurity risk. For instance, third-party cloud applications can externalize highly sensitive information, such as corporate roadmaps, dev. code, and confidential financial information.
They can also change passwords, provision or de-provision administrators, and even delete corporate assets. One of the most surprising data points we unearthed is that 2% of third-party application installs are enabled by highly privileged administrators – a highly discouraged practice with obvious cybersecurity implications.
Investigating applications that have been classified, we found that 50% of applications are banned for security reasons, including a lack of vendor trustworthiness (consider the use case of counterfeit or malicious applications) or excessive access scopes (see above), while others are banned due to their inappropriateness for the workplace.
Cloud Cybersecurity Report: The Extended Perimeter
The bottom line is that sensitive data is moving to the cloud, beyond the control of your perimeter controls. While cloud applications offer a wide range of benefits, the risk of ignoring the extended perimeter they cause is extreme.
Security teams must monitor in real time, perform deep content analytics, convert actionable insights into data that matters, and take risk appropriate controls to align with strategic business goals for maximum impact.
Download the report today – no form fill out required – for a deeper dive into cloud cybersecurity considerations.