IT Security

Shadow IT risks persist

by Mark Rowe

Risks associated with shadow IT persist, according to a cloud security product company. Those risks include the use of cloud services that don’t encrypt data at rest, external sharing of sensitive corporate data, and compromised credentials. Kamal Shah, VP of products and marketing at Skyhigh Networks, called 2014 the year of the cloud’s arrival as a fundamental tool for the Global 5000 enterprise. He said: “The average European employee uses 23 cloud services, many of which represent unsanctioned or shadow IT and highlight the growing risk and opportunity for IT teams to securely enable cloud services within their organisations.”

The average European company had 782 cloud services in use in Q4 2014, up from 588 in Q1 2014. This growth was lopsided across categories. Collaborations services (eg. Microsoft Office 365, Gmail, etc.) experienced the largest rate of growth in Europe at 99 percent. Development services (eg. GitHub, SourceForce, etc.) were the second fastest-growing category, 62 percent.

The number of cloud service providers investing in key security capabilities more than doubled in 2014. Specifically, 1,082 (11 percent of all services) encrypt data at rest versus 470 in Q4 2013, 1,459 (17 percent) offer multi-factor authentication versus 705 in Q4 2013, and 533 (5 percent) hold ISO 27001 certification versus 188 in Q4 2013.

A third, 33 percent of employees upload sensitive data to file sharing services, and 22 percent of all files uploaded to file sharing services contained sensitive data. Beyond file sharing, 4 percent of fields in other critical business applications such as CRM contain sensitive personally identifiable information (PII) or personal health information (PHI) data subject to regulatory compliance.

Analysing the use of file sharing and collaboration services found that 10 percent of documents were shared with business partners outside the company. Of externally shared documents, 2 percent contained sensitive data. Even more concerning was the fact that 18 percent of external collaboration requests went to third party email addresses (e.g. Gmail, Hotmail, and Yahoo! Mail).

The vast majority of companies have users with at least one stolen credential and the average company had 12 percent of users affected. The most exposed industries are Real Estate, High Tech, and Utilities, while the least exposed are Government and Healthcare. With 31 percent of passwords reused across websites and applications, stolen login credentials pose significant risk to corporate data.

The full global report is available here: http://www.skyhighnetworks.com/cloud-report.

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing