15% of enterprise cloud app credentials compromised, Netskope report reveals

Research finds high frequency of compromised credentials in enterprises, putting corporate data at risk.

Friday, 9th January 2015, by Phil Alsop

Netskope has released its January 2015 Netskope Cloud Report™, which finds that as many as 15% of business users have had their cloud app credentials compromised, putting corporate data at risk.

The report, which monitors enterprise cloud app usage and trends, also shows a continued increase in cloud app usage across enterprises, as well as the high volume at which files are being shared outside of a given organisation.

A growing number of users log into business apps using compromised credentials that have been stolen as part of a data hack or exposure, due to a significant increase in data breaches and leaks from a host of major corporations, websites, and cloud apps. As many as 15% of users have had their credentials compromised in a prior data exposure, and many of those users re-use passwords even to log into apps that contain business-sensitive information. This means that the likelihood of users logging into business-critical apps with these credentials is high, putting business-sensitive data at risk.

Enterprises are continuing to adopt cloud apps at a fast pace, with an average of 613 cloud apps per organisation in Q4, up from 579 the previous quarter. The report's findings draw on aggregated, anonymised data from the Netskope Active Platform, which provides discovery, deep visibility, and granular control over any cloud app, and cover tens of billions of cloud app events seen across millions of users between October and December 2014. 88% of apps in use are not enterprise-ready, scoring a “medium” or below in the Netskope Cloud Confidence Index™ [1] (CCI). Additionally, the report found that more than 20% of organisations in the Netskope cloud actively use more than 1,000 cloud apps, and that 8% of files in corporate-sanctioned cloud storage apps are in violation of data leak prevention (DLP) policies, including PHI, PCI, PII, source code, and other policies covering confidential or sensitive data.

“2014 left an indelible mark on security -- between ongoing high-profile breaches and the onslaught of vulnerabilities like Shellshock and Heartbleed, CSOs and CISOs had more on their plate than ever,” said Sanjay Beri, CEO and founder, Netskope. “These events underscore the sobering reality that many in the workforce have been impacted by data breaches and will subsequently use compromised accounts in their work lives, putting sensitive information at risk. Employees today have shifted from thinking of apps as a nice-to-have to a must-have, and CISOs must continue to adapt to that trend to secure their sensitive corporate and customer data across all cloud apps, including those unsanctioned by IT.”

Top 10 categories of cloud apps in the enterprise

Consumer, prosumer and line-of-business apps are all used heavily in enterprises, and the vast majority of apps in each of these categories are not enterprise-ready. Marketing, Finance/Accounting and Human Resources were the categories with the highest number of non-enterprise-ready cloud apps – those rating at a “medium” or below in the CCI.

| Rank | Category | Number per enterprise | Percent not enterprise-ready |
|------|----------|-----------------------|------------------------------|
| 1 | Marketing | 67 | 96% |
| 2 | Collaboration | 43 | 84% |
| 3 | Human Resources | 38 | 93% |
| 4 | Productivity | 36 | 89% |
| 5 | Finance/Accounting | 31 | 95% |
| 6 | Cloud Storage | 28 | 72% |
| 7 | CRM/SFA | 25 | 92% |
| 8 | Software Development | 25 | 87% |
| 9 | Social | 18 | 76% |
| 10 | IT/Application Management | 16 | 73% |


Top-used apps in business

The list of the top 20 apps used by enterprises, based on distinct app sessions, reflects all cloud app access points tracked by the Netskope Active Platform, which includes log analysis from perimeter devices (e.g., firewalls, gateways) and real-time visibility of campus PCs, remote PCs, and mobile devices (e.g., smartphones, tablets). Cloud Storage and Social categories dominate, as Enterprise File Sync and Share (EFSS) vendors vie for market share.

| Rank | Cloud app | Category |
|------|-----------|----------|
| 1 | Google Drive | Storage |
| 2 | Facebook | Social |
| 3 | YouTube | Consumer |
| 4 | Twitter | Social |
| 5 | Google Gmail | Webmail |
| 6 | iCloud | Storage |
| 7 | Dropbox | Storage |
| 8 | LinkedIn | Social |
| 9 | Microsoft OneDrive | Storage |
| 10 | Box | Storage |
| 11 | Salesforce.com | CRM/SFA |
| 12 | WebEx | Collaboration |
| 13 | Evernote | Productivity |
| 14 | Microsoft Office 365 | Collaboration |
| 15 | Pinterest | Consumer |
| 16 | LivePerson | Call Centre |
| 17 | HubSpot | Marketing |
| 18 | Amazon CloudDrive | Storage |
| 19 | Yammer | Social |
| 20 | Concur | Finance/Accounting |


Top policy violations and the rise of DLP

Based on a normalised set of apps, categories, and activities, the five cloud app categories with the highest volume of policy violations[2] include Cloud Storage, Webmail, CRM and SFA, Social and Collaboration. DLP policy violations involving the upload of data outnumber violations involving the download of data by nearly three to one, while 8% of content files contain DLP violations, irrespective of when content was uploaded. 25% of all files are shared with one or more people outside of the organisation; 40% are shared within the organisation and 35% are private. Of external users who have links to content, nearly 12% have access to 100 files or more.

| Violation |
|-----------|
| Download |
| Upload |
| Login |
| View |
| Share |
| Delete |
| Edit |
| Login Attempt |
| Create |
| Login Failed |