IBM has created a Cloud Security Enforcer service to give companies a more commanding view of all third-party cloud apps used by their employees and new powers to secure them. The Enforcer aims to give companies more control over granting access to corporate data and applications.
Most companies can only see a fraction of the cloud applications used by their workforce, according to IBM’s research. An Ipsos poll, conducted on behalf of IBM in July, found that one-third of employees at Fortune 1000 companies are sharing and uploading corporate data on third-party cloud apps. These employees increasingly engage in risky practices on these tools, such as signing in with their personal email addresses, using weak passwords or re-using corporate log-in credentials, says IBM.
The cloud’s productivity dividend for companies is being undermined by the loss of control of corporate data and the lack of employee protection, it says. The Millennial generation (those born between 1982 and 2002) are the worst offenders and the biggest users of cloud apps, according to IBM’s study. By 2020 half the employees at Fortune 1000 companies will be millennials and of these 51 per cent use cloud services at work. One in four employees links these apps to his or her corporate log-in and password, leaving loopholes through which hackers can gain access to company networks.
Rogue activities on unsanctioned apps, known as ‘Shadow IT’, lead to a loss of control that IBM’s new cloud-based tool combats by scanning corporate networks, finding the apps that employees are using and providing a more secure way to access them. The system was built in partnership with file sharing app maker Box, which aims to strengthen the security of files shared over mobile devices and the web. IBM has also built secure connectors into Box’s file-sharing cloud app for Cloud Security Enforcer, as well as Microsoft Office 365, Google Apps and Salesforce with more apps connectors to be added to its catalogue.
The Cloud Enforcer users deep threat analytics from IBM X-Force Exchange, IBM’s global threat intelligence network, which is manned by a global network of security analysts which monitors the internet for malicious activity and analyses 20 billion global security events daily.