In light of recent revelations about a Home Depot hack and Russian hackers stealing 1.2 billion online credentials, I have had many conversations with my company’s chief information officer and chief information-security officer customers about the intersection of cloud and security threats.
Data breaches are growing both in number and intensity. At the same time, enterprise use of software as a service has skyrocketed. There are 508 cloud apps per enterprise, including 39 HR, 34 storage, and even 32 finance. These apps are both popular among business users and increasingly critical to the business.
While most people believe that cloud apps are as secure as on-premises ones or more so, there are certain realities about the cloud that point to increased data breach risk. Those include the massive, largely unfettered cloud growth, access by an increasing number of devices (3.3 per knowledge worker, according to Cisco), and, most interesting to me, the easy sharing of data. A recent report also revealed that for every upload to a cloud-storage app, there are three shares.
We are on a collision course: data breaches against cloud usage. A recent Ponemon Institute study explained that enterprises' cloud adoption is creating a “multiplier effect” of up to three times the probability of a breach. I see three ways a cloud app can play a role in data breaches: It can be an entry point for an external attacker. It can be hacked. And an insider can intentionally or inadvertently expose data.
This collision course needn’t end up as a fiery mess, though. You can repave it. Based on my work with IT and security leaders, here are five actions you can take now:
1. Discover your cloud apps.
Understand those apps’ enterprise-readiness and which make you more or less prone to breach. Does the app encrypt data at rest? Does it separate your data from that of others, so your data is not exposed when another tenant has a breach? In our report, 81.3 percent and 72.8 percent of data uploaded to cloud apps went to apps with no encryption of data at rest and no separation of tenant data, respectively. That’s shockingly high.
2. Migrate users to high-quality apps.
Cloud-switching costs are low. You can choose apps that best suit your needs. If you find ones that don’t fit your criteria, talk to your vendor or switch. I know that’s easier said than done, but now, more than ever, you have choices, and the discovery process in step one will help you find them.
3. Find out where your data is going.
Beyond discovering apps, take a look at your data in the cloud. Review uploads, downloads, and data at rest in apps to get a handle on whether you have potential personally identifiable information (PII), payment-card industry, or protected health information (PHI) violations, or whether you simply have confidential data in or moving to cloud apps.
4. Look at user activities.
Understand those apps and data in the context of user activity. For example, from which apps are people sharing content? One-fifth of the apps we track enable sharing, and they aren’t just cloud storage. They range from customer-relationship management to finance to business intelligence. Knowing who’s sharing what — and with whom — will help you to understand what policies to enact.
5. Mitigate risk through granular policy.
Start with your business-critical apps and enforce policies such as “block the upload of PHI,” “block the download of PII from HR apps,” or “temporarily block access to Heartbleed-vulnerable apps” — policies that matter to your organization in the context of a breach. Being precise about these policies will help you address the real risks while still enabling cloud usage.
Sanjay Beri is chief executive of Netskope.