A report from Skyhigh Networks has examined the issues for enterprises who share cloud data with partners, with almost 30% of data shared with partners considered “high risk.”
The report, the latest Cloud Adoption and Risk Report, argues the case that security does not end at the corporate perimeter. The average number of cloud services in use by company has risen again, from 545 in Q313 to 923 in Q115. Broken down by cloud service category the average company uses 162 distinct collaboration services, 51 development services, 49 file sharing services, 42 content sharing services and 30 social media services, with the average employee using 28 cloud services.
Assessing the recent Target breach, which cost the company $148 million to fix, the attackers exploited an unsecured heating and cooling vendor to get around Target’s security defences. Skyhigh therefore fires a warning shot about how much data is uploaded to various partners of the company. According to the research a third (33.7%) of data is uploaded to media and entertainment, followed by manufacturing (20.9%), high tech (16.6%) and retail (11.3%).
Even though only 8% of partners are considered “high risk”, this transfer accounts for 29% of data overall. The riskiest partner industries were telecommunications, agriculture and mining, and construction and real estate. Skyhigh gives examples of high risk partners, including an advertising agency with 1565 compromised identities, and an airline with 209 machines infected with malware and 9716 compromised identities. The message is clear: if you connect with partners such as these, your data is seriously at risk.
But which vendors enable the most connections between partners? Given most partner activity is for collaboration, customer service and file sharing, the apps identified reflect this. Cisco WebEx was the most popular collaboration tool ahead of Slack and Office 365; Sharefile was the number one for file sharing ahead of Box and Wiredrive, and Zendesk was the most popular for customer service beating Salesforce and GrooveHQ.
Skyhigh again chose this moment to fire a warning shot across the bows. “As more attackers seek to exploit vulnerabilities in partners to infiltrate high value targets with sensitive data, super partners could potentially lead to large scale attacks that compromise hundreds of companies at the scale of the Target or Sony breaches,” the report explains.
The overall ethos of the report is to control operations as much as you can, and to ensure as little ‘shadow IT’ activity – unless it’s harnessed properly, as sister publication Enterprise AppsTech has previously explored.
“As cloud adoption in the enterprise steadily increases, the cloud is having a measurable impact on the way businesses operate,” the report notes. “IT departments are migrating to cloud services to take advantage of faster time to market, lower cost, and increased operational efficiencies.
“In parallel, employees are rapidly adopting cloud services that help them do their jobs better and with greater mobility. However, not all employee-led cloud adoption is sanctioned or even known to the IT department,” it adds.
You can take a look at the full report here.