Cloud App Security Trends: Malware

 

Do you know the real scale of the threats you face when it comes to cloud app security? The thing is, we’re all aware of the problem – it’s widely covered in the media, after all – but when it comes to the specifics, we can be a little fuzzy. So I wanted to spend this week’s blog pulling a few interesting findings from Netskope’s recent global Cloud Report (April 2016). A well-known provider of cloud security services, Netskope positions this regular report as the only one “that examines active cloud usage rather than static log data... to highlight what’s happening in the cloud right now” – and so reveal where the real risks are.

Malware, the ‘fan out’ effect – and the GDPR (again)

“Because of the cloud’s many connected endpoints, we have seen malware spread exponentially in a short period of time, creating a rapid fan-out effect."

The Cloud Report found that, on average, enterprises have 917 cloud apps in use – a steep rise of 21% from the previous seasonal report. In addition, more than 90% of those apps are not considered “enterprise ready”, and with Marketing a particular area of concern. Even more pertinently, the report found that 4.1% of enterprises have sanctioned cloud apps that are actually “laced with malware” like trojans and worms. This doesn’t sound like too big an issue until you also appreciate that sanctioned apps typically only account for less than 5% of an organisation’s total cloud app footprint. So it’s entirely reasonable for us to expect malware to be far more prevalent in the cloud than many might expect. The report commented that “because cloud apps make it easy for users to sync and share, malware can travel more rapidly than traditional malware, creating an attack ‘fan-out’ effect. The cloud is also being used to propagate ransomware.” Worrying stuff – which makes the case for a properly thought-out and rigorously enforced approach to cloud access and security even stronger. The malware threat is not going to diminish; quite the reverse.

Finally, if you’ve been following these blogs recently, you’ll know I’ve already written about the European Union’s General Data Protection Regulation (GDPR), and that organisations have two years to comply and so avoid strict punitive measures. Not surprisingly, the Cloud Report had something to say on the topic, namely that enterprises that are subject to the new GDPR data protection framework “face an uphill battle [to comply], with only 12.7% of their cloud apps supporting data portability requirements and only 40.1% ensuring users’ data will not be shared with third parties.” As I’ve written before, enterprises need to take action now.