National Harbor, Maryland, June 13, 2016 - Gartner Security & Risk Management Summit, Booth #451 - The CloudLock CyberLab, CloudLock’s security intelligence arm, today released its Q2 2016 Cloud Cybersecurity Report: The Explosion of Apps: 27% are Risky. Based on analysis across 10 million users, 1 billion files, and nearly 160,000 unique applications, the report focuses on one of the riskiest attack vectors in the cloud: connected third party cloud apps.
As more and more organizations adopt cloud platforms, new Shadow IT risk vectors are coming into play in the form of connected third-party apps. These apps (and by extension, their vendors) are authorized using corporate credentials, have programmatic (API) access to corporate data on multiple SaaS platforms via OAuth connections, and can act on behalf of users to access, delete, store, externalize and exfiltrate data.
30x Increase in Connected Apps
The shadow IT dilemma is only becoming more challenging as usage is increasing exponentially year over year. From 2014 to 2016, we’ve seen nearly a 30x increase in apps from 5,500 to nearly 160,000. Each application instance represents a backdoor through which hackers can infiltrate and externalize sensitive corporate assets.
27% of Apps Connected to Corporate Environments Are High Risk
Measuring risk by a combination of access scopes, community-sourced ratings, and expert-driven analytics, the CloudLock CyberLab found that 27% of third-party apps are classified as high risk through which cybercriminals could gain programmatic access to corporate platforms impersonating end users.
More than Half of Apps Are Banned Due to Security-Related Concerns
An organization may embrace its employees’ 'shadow' exploration of innovative technology solutions and sanction a subset of these apps as Productivity IT, but it’s essential to closely monitor the connected third-party apps and identify cloud native malware in real time. Security conscious enterprises recognize the high risk associated with connected third-party apps and take immediate action. While apps can be banned for any number of reasons, including concerns around productivity, a clear majority are banned because of the security vulnerabilities they introduce.
Key Recommendation: Reduce Cloud App Risk by Establishing an Acceptable Use Policy
By enacting a high-level strategy, coupled with an Acceptable Application Use Policy, organizations can significantly reduce the application risk level organization-wide. Automating whitelisting or banning of potentially risky applications is an effective strategy. One of CloudLock’s customers auto-revokes any app labeled as high risk unless it has been whitelisted based on CloudLock Cloud Application Risk Index (CARI), effectively reducing the unique number of apps by 34%, significantly decreasing the associated risk level. CARI is the industry's first application risk index that relies on trust ratings from over 750 organizations’ IT security teams, as well as application access scopes and research-based vulnerability intelligence.
"The shift to the cloud creates a new, virtual security perimeter that includes third-party apps granted access to corporate systems," says CloudLock Director of Customer Insights and Analytics Ayse Kaya Firat. "Today, most employees leverage a wide variety of apps to get their jobs done efficiently, unwittingly exposing corporate data and systems to malware and the possibility of data theft." CloudLock’s report shares critical data to help organizations understand the exponential growth of this new risk vector as well as the associated risk and how security conscious enterprises are taking action.
To download the full report, please visit: The Explosion of Apps: 27% are Risky.
CloudLock is the only security vendor uniquely combining U.S. and Israeli Military Intelligence with real-time, crowdsourced cloud security insight. CloudLock continuously monitors over one billion files daily across more than 10 million users. Security professionals feed into CloudLock’s unique security insight through peer-driven, crowdsourced Community Trust RatingsTM. This intelligence allows organizations to immediately respond to emerging cloud cyber threats and risky apps.
CloudLock is the cloud-native CASB and Cloud Cybersecurity Platform that helps organizations securely leverage cloud apps they buy and build. CloudLock delivers security visibility and control for SaaS, IaaS, PaaS and IDaaS environments across the entire enterprise in seconds. Founded by Israeli Elite Cybersecurity Military Intelligence experts, the company delivers actionable cybersecurity intelligence through its data scientist-led CyberLab and crowdsourced security analytics across billions of data points daily. CloudLock has been recognized by Inc. Magazine as the fastest growing security product company in the U.S. and by Glassdoor as one of the top 3 best places to work in the U.S. Learn more at www.cloudlock.com.
See Cisco Cloudlock in action from one of our cloud security experts
Your browser version is outdated.
We would recommend you upgrade to a recent version to ensure that you have a good experience on the CloudLock site. Outdated browsers also increase your security risk. So please update your browser and come back later!
Click on the icon below to download the latest version of your browserClose