Cloud collaboration violations on the rise
Tue 13 Jun 2017
A new study by Netskope shows that as cloud collaboration grows in popularity, violations of data loss prevention (DLP) activities are on the rise as well. Almost 10% of DLP violations were attributed to collaboration for the first quarter of 2017, and that number is expected to rise.
Cloud collaboration by employees, whereby files are shared, edited and updated as part of a shared platform then uploaded to the cloud, have begun to contribute significantly to data loss. While insecure webmail accounts for the highest share of DLP violations discovered by Netskope, at 43%, the 9.8% of violations attributed to cloud collaboration should concern enterprise security for two reasons.
First, most organizations that use a cloud collaboration platform such as Box, Dropbox, OneDrive or Slack do not have a specific security protocol to protect sensitive information within the shared files. Data loss prevention has been addressed on-premises, but these activities generally operate within the enterprise perimeter rather than in the cloud.
A recent study by Skyhigh research found that 43% of company files can be found on collaboration platforms. 17.7% of these files may be viewed by anyone in the organization without specific invitation, and 2.7% are publicly accessible through internet search engines.
The other concern regarding cloud collaboration is that its use is on the rise. The cloud collaboration market is expected to nearly double in size from $23.39 billion in 2016 to over $40 billion by 2021. Banking and financial services are expected to be the largest contributors to that growth as demands for agility and customer service require increasing employee collaboration; however, financial data is often targeted by malicious actors and therefore is a high priority to manage securely.
Netskope also introduced the concept of hybrid cloud/web threats in the Q1 2017 cloud security review. A hybrid cloud/web threat is malware that uses both cloud and web services to attack a system or a specific user. In a hybrid cloud/web threat, malware infects a device through a standard channel such as a compromised application download or infected file. Once downloaded, the malware calls to various services across the web and the network cloud to access fragments of malicious code, which bypass security restrictions as each fragment is innocuous prior to assembling. The initial malware then decrypts and combines the fragments to begin a system attack.
The security research team at Netskope believes that hybrid cloud/web threats will become more prevalent as cloud adoption increases, and the lines between cloud and web continue to blur.