(c)iStock.com/LeoWolfert
A new piece of research from cloud security provider CloudLock argues that more than a quarter of cloud apps connected to corporate environments were seen as high risk.
The report, the firm’s Q2 2016 Cloud Cybersecurity Report, gave a generally pessimistic warning over the threats of shadow IT. From 2014 to 2016, CloudLock has observed an almost 30 times increase in apps used under shadow IT, from 5,500 to almost 160,000. What’s more, over half of third party apps are banned because of security concerns.
The level of risk is defined by CloudLock’s Cloud Application Risk Index (CARI), which evaluates any potential threat across access scopes, community trust ratings, and application threat intelligence, taking into account past breaches and security certifications, as well as community sourced intelligence.
27% of the 156,796 apps overall were considered high risk, compared with 58% at medium risk and 15% at low risk, while the researchers found that across all industries there was a relatively even mix of low, medium and high risk applications. Finance, for instance, has only 8% of apps used in their organisations which are considered low risk by CloudLock – perhaps a surprise given the strict data compliance plans that are normally in place.
On average, an organisation’s users connect 733 third party apps to the corporate environment, the researchers argue. Naturally, this has its peaks and troughs; healthcare providers (138 on average) and media and entertainment (422) pale when compared to retail (2,498) and manufacturing (2,169), but when normalised by size, media, higher education, and technology are the largest consumers. “In these industries with more tech-savvy users, applications are abundant and increasing in use at faster rates,” the report notes.
“The shift to the cloud creates a new, virtual security perimeter that includes third-party apps granted access to corporate systems,” said Kaya Firat, CloudLock director of customer insights and analytics. “Today, most employees leverage a wide variety of apps to get their jobs done efficiently, unwittingly exposing corporate data and systems to malware and the possibility of data theft.”
You can read the full report here.