Virtualization Technology News and Information
3 Reasons Enterprises Should Strengthen Their Security Strategy Against Hidden Cloud Threats

Article Written by Jamie Barnett, CMO at Netskope

If one thing is clear in today's enterprise workplace, it's that corporate IT departments must continuously evolve their strategies to keep pace with the security challenges posed by the increasingly cloud-driven, mobile-first workplace. While cloud and mobile were once question marks for IT departments hesitant to expand their remit beyond the traditional perimeter, both are now firmly entrenched in the mainstream and are being discussed at every level from IT to the board of directors. Enterprises now use an average of 917 cloud apps, many of them unsanctioned. A staggering 94 percent of those apps are not enterprise-ready, lacking core security certifications and auditing functions, which makes them more prone to vulnerabilities and exploits, as well as weakening their service level agreements (SLAs). It's a startling total -- more so when considering that most organizations underestimate the number of cloud apps in use by a factor of 10. And the problem is only getting more severe as these apps become more popular among employees who rely on them to get their jobs done.

This increase in cloud and mobile opens enterprises to specific and growing cloud-borne threats. By now, most IT professionals have recognized that a lot of sensitive business data are uploaded to the cloud. The challenge most organizations face is finding the balance between empowering employees to access and use cloud apps and protecting against data loss. It's clear there's much more to be done -- a recent survey Netskope conducted at the 2016 RSA conference revealed that in the wake of recent high-profile breaches there's a growing need for a more unified security strategy among enterprises. The survey uncovered the top three reasons IT needs to take action against these growing threats. Here's some more insight into these threats and recommendations for tackling the challenge:

Cloud app usage poses greater risks of insider threats

With greater cloud app usage comes greater responsibility to know what employees are doing with what data and apps. Increased use of unsanctioned apps means more risk of sensitive business data being accidentally exposed. Human error is the root cause of 52 percent of security breaches. Most of the time, employees aren't acting maliciously, but the fallout can be immense whether intentional or not, and cloud app security strategies must protect against both scenarios. One way to address this issue is through employee training. Beyond that, data loss prevention tools are an effective means to mitigate the risk of a company's most insecure endpoint: the employee.

Most security strategies overlook the cloud as a threat vector

According to Cisco, by 2019 there will be 5.2 billion global mobile users (that's 69 percent of the world), 11.5 billion mobile-ready devices and 4.6 billion smartphones. While it's true that cloud apps enable greater productivity and collaboration for today's mobile workforce, they are also a growing threat vector. Recent Netskope research estimates there is malware in the sanctioned apps of 4 percent of enterprises. This is a significant total: sanctioned cloud apps represent less than 5 percent of an enterprise's total cloud app footprint. Unsanctioned apps, which can be more difficult to identify, pose a potentially greater risk because they have not been formally assessed by the IT department. Despite this, only 37 percent of respondents at RSA said their organizations had solid policies in place to address cloud-based threats. As cloud apps continue to become more of a threat vector, enterprises should bolster their security posture to cover both the apps and the sensitive content in them, along with their respective devices.

Disjointed security policies expose organizations to threats

Respondents surveyed at RSA indicated that their organizations don't have clear, organized policies around how users should access the network, cloud, personal mobile devices and company-issued mobile devices. They also said that the large majority of policies still focus only on the network, overlooking the intersection of cloud risks and human error. This points to a disconnect between C-level executives and IT when it comes to cyber security. Fragmented policies often mean finger-pointing in the face of a breach or exposure, and with no real solution, executives often don't feel responsible for the repercussions, leaving enterprises vulnerable. In light of all of this, it's important that IT departments plan to increase their budget to better address threats and adapt to new security realities in 2016. And in doing so, IT leaders should selectively choose the right IT staff to act as transparent administrators and guardians of a company's security policies.

There's no silver bullet that will allow IT departments to ensure strong security across the entirety of a company's cloud app ecosystem, but there are concrete steps they can and should take to be better prepared. Ultimately, organizations need better and more granular visibility into finding all of the cloud apps in their environment -- sanctioned or unsanctioned. And they need to invest the time and money into understanding how the apps are being used and how to secure the data within them. Getting this right means employees will be able to use the cloud tools they need to do their jobs well, without exposing the company to security risks from the use of those cloud apps.


About the Author

Jamie Barnett, CMO at Netskope

Jamie Barnett is chief marketing officer for Netskope. Prior to Netskope, Jamie served in product management and marketing leadership roles at enterprise mobility software company Zenprise, security leader McAfee, and sensor software startup Blue Vector. Prior to that, she held a number of management positions at EMC, including co-founding the data management company's security division and leading the charge for its acquisition of RSA Security. 

Jamie has a bachelor of science from U.C. Berkeley and an MBA from Stanford University.

Published Monday, May 23, 2016 6:57 AM by David Marshall