CISOs struggling to contain 'shadow' universe of consumer cloud apps

Number of insecure cloud apps reaches 500 per enterprise, says Netskope

The number of ‘shadow’ cloud apps being used in European businesses continues to surge, and barely any of them meet enterprise standards for auditability, security and continuity, according to the first EMEA figures published by security services outfit Netskope.

Reading the list of the most popular cloud apps being used inside the firm’s enterprise customer base in the first quarter of 2015, it’s not hard to guess what the problem might be - Google Drive, Gmail, Hangouts, Facebook, Twitter and Dropbox are prominent on the list, with Salesforce, Microsoft OneDrive for Business, DocuSign and SmartDraw also up there.

The average EMEA business is now running 511 of these with around one in seven raising that number to over 1,000. Nine out of ten fail Netskope’s own set of security definitions which it says have been accepted by the Cloud Security Alliance (CSA) as accurately defining app riskiness.

Most admins predicted around one tenth the number of apps were in use on their networks, a symptom of the problem created by the parallel universe of shadow IT that is largely invisible, Netskope said.

The danger is that many of these accounts are not secure and, sure enough, 13.6 percent of the users in the global database have had a cloud app account compromised in some form. Within compromised accounts that also accessed Salesforce, this rose to almost a quarter.

“While there’s a more common understanding and acceptance of ‘shadow IT’ across organisations, there’s a corresponding rise in the volume of unsanctioned cloud apps in use,” said Netskope founder and CEO, Sanjay Beri.

This was just the way IT was going to be from now on, he said. “It’s critical that organisations maintain a deep level of visibility and governance over their cloud app infrastructure so they can spot and mitigate a suspicious pattern before it becomes an issue.”

So why are users taking to these apps so enthusiastically? Beyond the traditional category of email, storage seemed to be another motivation with many of the top 20 popular apps falling into that category.

Netskope’s database runs to around 5,000 apps in total, an indication of the huge growth in this type of software.

As a breakout session attended by Netskope at last May’s CITE Conference and Expo in San Francisco suggested, the issue of shadow IT underlines how little power CISOs now have when it comes to the topic. On the other hand, not all cloud apps are necessarily bad even if they breach data loss prevention policies. Flexibility was needed.