Académique Documents
Professionnel Documents
Culture Documents
Table of Contents
INTRODUCTION ........................................................................................................2
SENSITIVE DATA IN THE CLOUD ...........................................................................3
Types of Sensitive Data .....................................................................................4
Whats in a Name? ..............................................................................................5
Worst Employee of the Month .........................................................................7
SHARING AND COLLABORATION ..........................................................................7
File Sharing Reaches an All-Time High ...........................................................8
When Sharing is Erring ......................................................................................9
The Shadow Code Repository ....................................................................... 10
INTERNAL AND EXTERNAL THREATS............................................................... 11
Your Own Worst Enemy .................................................................................. 12
Compromised Accounts .................................................................................. 12
Data Exfiltration............................................................................................... 12
USAGE TRENDS ..................................................................................................... 13
Average Number of Services ......................................................................... 13
Security Controls Vary by Provider ............................................................... 15
Usage by Platform ........................................................................................... 16
THE TOP CLOUD SERVICES ................................................................................ 18
Top 20 Enterprise Cloud Services ................................................................. 19
Top 20 Consumer Cloud Services.................................................................. 20
Top 10 File Sharing Services .......................................................................... 21
Top 10 Collaboration Services ....................................................................... 22
Top 10 Social Media Services ........................................................................ 23
OUR METHODOLOGY ........................................................................................... 24
Introduction
Four years ago, entrepreneur and investor Marc Andreessen wrote about
how software impacts nearly all areas of modern life.1 The primary
platform for software applications today is not a hard drive; its a web
browser. Software delivered over the Internet, referred to as the cloud,
is not just changing how people listen to music, rent movies, and share
photos. Its also transforming how businesses operate. Studies have
shown that businesses taking advantage of productivity-enhancing
cloud services grow 19.6% faster than their counterparts that dont.2
Because employees often bring their own apps to work, companies
Companies that embrace the
cloud grow 19.6% faster
typically dont know which ones are being used to store corporate
data. Even within the cloud services purchased by a companys IT
department, there is limited visibility into user behavior and how
sensitive information is accessed and shared. Similar to previous shifts
in technology, such as the rise of the PC and the Internet, the cloud
creates new and significant concerns among business leaders about the
potential for headline-making security incidents.
To better understand these trends, Skyhigh Networks publishes a Cloud
Adoption & Risk Report, the first and most comprehensive report of
its kind. What makes our report unique is that we base our findings on
actual usage data for over 23 million users worldwide, more than any
other similar study.
In this report, we detail the types of sensitive data stored in cloud
services, how that data is shared within organizations and with third
parties, and how risky employee behavior can expose data. We also
examine the external threats that use the cloud to exfiltrate sensitive
data pilfered from on-premises systems as well as attacks directed at
sensitive data stored in cloud services. Finally, we cover general usage
trends including the top most widely used cloud services.
WHATS IN A NAME?
As recent high-profile data breaches demonstrate, cyber criminals
are seeking out documents containing company budgets, employee
salaries, and employee Social Security numbers. Their goal is often
to disrupt the operations of these companies or use this information
for financial gain. Its not uncommon for employees to use words like
bonus, budget, or salary in file names. The average organization
stores thousands of such documents in file sharing services.
Users also upload image and PDF copies of passports, PowerPoint files
with information on competitors, local database files from programs
such as Microsoft Access with employee salaries, and draft press
releases that could be used for insider trading. The average company
has hundreds of MSG and EML format email files containing sensitive
information, exported from email programs such as Outlook. When
exported, their file names usually contain the email subject.
In a later section well examine how many files are shared externally,
and how many are publicly accessible to anyone on the Internet.
10
11
COMPROMISED ACCOUNTS
Slightly more than two thirds of organizations experience account
compromises each month. On average, organizations experience 5.1
incidents each month in which an unauthorized third party exploits
stolen account credentials to gain access to corporate data stored
in a cloud service. Earlier research by Skyhigh has shown that 92%
of companies have cloud credentials for sale on the Darknet. Many
business-critical cloud services support multi-factor authentication,
and companies can reduce their exposure to account compromise by
enabling this feature.
DATA EXFILTRATION
In order to extfiltrate stolen data from on-premises systems of record
hackers are increasingly turning to public cloud services which are
often unmonitored. The average organization experiences 2.4 cloudenabled data exfiltration events each month and the average incident
involves 410.0 MB of data. One example weve uncovered is a cyber
attack in which malware that infected an employees laptop used
Twitter to exfiltrate the stolen data, 140 characters at a time, across
86,000 tweets.
The average data exfiltration
incident involves 410.0 MB
of data
12
Usage Trends
More cloud services are being launched every week and the percentage
of cloud services that are enterprise-ready increased this quarter. Put
together, organizations have never had more cloud apps to choose
from that provide robust levels of security for enterprise data. Cloud
adoption in the workplace continued to increase this quarter, albeit at a
slower pace than last quarter. Companies and employees both actively
use a greater variety of cloud services.
13
14
15
USAGE BY PLATFORM
Windows desktop users, on average, use a greater variety of cloud
services than any other platform. The average Windows PC accessed
18.3 distinct cloud services in September 2015. Thats 47.6% higher
than September 2014.
16
17
18
19
20
21
22
23
Our Methodology
To bring you these findings, we analyzed aggregated, anonymized cloud
usage data for over 23 million users worldwide at companies across all
major industries including financial services, healthcare, public sector,
education, retail, high tech, manufacturing, energy, utilities, legal, real
estate, transportation, and business services.
Collectively, these users generate over 2 billion unique transactions
in the cloud each day. We compiled their usage in an extensive cloud
activity graph, revealing trends in usage against behavioral baselines
across time. Our cloud service registry tracks over 50 attributes of
enterprise readiness and allows us to analyze behavior using detailed
data signatures for over 16,000 cloud services.
24
Request a Complimentary
Cloud Audit
http://bit.ly/Q32015AuditOffer
1.866.727.8383 skyhighnetworks.com