Continuing to deliver mind-blowing insights from cutting-edge cybersecurity research, CloudLock CyberLab, our security intelligence arm, launches the Q2 Cybersecurity Report at The Gartner Risk and Security Summit, today. Surfacing one of the riskiest cloud attack vectors, the Q2 report focuses on the accelerating growth of connected third-party cloud apps, the risks they pose and how security conscious organizations are taking action.
Before we dive into the key findings of the report, let’s discuss what we mean when we say connected third-party cloud applications and why they are the riskiest subset of all Shadow IT applications.
Traditionally, Shadow IT refers to any application employees utilize without IT approval. All of these apps can introduce administrative challenges and some security vulnerabilities, but the true threat lies within a specific subset, the apps that touch the corporate backbone, and communicate with corporate SaaS platforms via OAuth connections. As more businesses adopt cloud platforms, the employees find themselves in an ocean of third-party apps offered in various marketplaces, app stores and the Internet at large. As they authorize apps using their corporate credentials, they give them (any by extension, their vendors) programmatic (API) access to their corporate data. With excessive access scopes asking permission to create, delete, store or externalize all documents, calendars, or contacts of an employee, connected third-party cloud apps introduce millions of backdoors into corporate environments all of which can easily be exploited as potential gateways for cybercriminals.
Today, most employees leverage a wide variety of apps to get their jobs done efficiently, and in the era of API economy, all cloud platforms bolster this usage seeing it as a win-win situation for all stakeholders in the equation. There is more money to be made by cloud platforms and developers and “there is an app to solve everything” for end-users.
How big is the growth?
Looking at over 750 corporations and more than 10 million users, CloudLock CyberLab identified 150,000+ unique apps connecting to corporate cloud environments, a number that increased by 30x in the last two years alone.
Growth is one interesting variable to look into, but it becomes critical only when coupled with risk. In this report, CyberLab unveils Cloud Application Risk Index (CARI), industry’s first app risk index that relies on ratings from over 750 organizations’ IT security teams as well as app access scopes and research-based vulnerability ratings.
Sea (Risk) Levels are Rising
Measuring risk using specific CARI dimensions (Data Access Requirements + Community Trust Rating + Application CyberThreat Intelligence), CyberLab found that 27% of connected third party apps are of high or very high risk and they need immediate attention from corporate security teams.
What are the key takeaways for IT Security Teams?
Smart and security conscious organizations recognize the risk and take immediate action. Over half of third-party apps are banned and revoked from corporate environments by IT security due to security-related concerns. While apps can be banned for any number of reasons, including concerns around productivity, a clear majority are banned because of the security vulnerabilities they introduce.
Bottomline: Embrace a Strategic Approach, Take Action in Real Time
Organizations need to develop a high-level strategy as well as a specific Application Use Policy to decide how they will whitelist or ban applications, and share this vision with their end users. Automating workflows (identifying, whitelisting, banning and revoking apps in near real time) has become more important than ever. One of CloudLock’s customers, a UK based retailer, with over 5,000 unique apps decided to auto-revoke any app labeled as high risk unless it has been whitelisted based on CloudLock risk scores, reducing the unique number of apps by 34% immediately, significantly decreasing the associated risk level.