Security does not end at the corporate IT perimeter, says a network product company. Skyhigh Networks, a cloud security and enablement company, has released the sixth edition of its quarterly Cloud Adoption and Risk Report. The study covering the first quarter of 2015, derived from analysis of actual cloud usage across over 17 million employees, expands its scope to include the risk to enterprises from business partners connected through the cloud.
After vendors served as entry points in recent high-profile breaches, security vulnerabilities associated with partners have received increased attention, the firm says. The report reveals that cloud services are rapidly becoming the primary connectors between businesses, with the average company connecting with 1,555 partners. The report measured partner risk based on a several security attributes and found that 8 per cent of all partners are high-risk and that 30 per cent of total data shared with partners is shared with these high-risk partners.
The full report is available here: http://www.skyhighnetworks.com/cloud-report/.
Sekhar Sarukkai, co-founder and VP of engineering at Skyhigh Networks, said: “Security of any enterprise is only as strong as its weakest link and recent breaches have shown that partners are often the weakest link. Therefore, enterprises must have visibility into the security risks of their business partners so they can take the necessary steps to protect themselves.”
High-risk data
A number of attributes can classify a partner as high-risk, including being affected by malware of botnets, having compromised identities for sale on the darknet, suffering from a breach, or being exposed to vulnerabilities such as POODLE. High-risk partners receive 30 per cent of all data shared with partners — a disproportionately large amount. Many partners are well connected among the largest organisations, meaning a vulnerability within a single partner could have far-reaching consequences. The risk of these super partners is higher than overall rate, with 12.5 per cent considered high-risk. Top super partners include pest control, IT services, software, equipment manufacturing, hospitality, and consulting companies.
The report gives the risk attributes for several example partners. One airline had 9716 credentials for sale on the darknet and 209 devices infected with malware. A financial services technology provider had 1,216 compromised identities across 19 darknet sites. An advertising agency had 1,565 compromised identities for sale across 29 darknet sites. All three partners are still vulnerable to POODLE.
Enablers of the cloud
Certain cloud services stand out as hyper-connectors, enabling the most partner connections. The top cloud connectors in the customer support category are Zendesk, Salesforce, and GrooveHQ. For file sharing, Sharefile, Box, and Wiredrive are the top connectors. In the collaboration category, the top connectors are Cisco WebEx, Slack, and Office 365.
Highest risk categories
Not all partner categories are equal when it comes to risk. Telecommunications companies had the highest percentage of high-risk businesses, at 30 per cent — double the rate of the tenth highest-risk category, travel. Security teams should pay special attention to interactions with partners falling into the categories on this list.
