Cloud Apps Pose Big Security Challenges in the BYOD Enterprise


Workers have long been encouraged, and even enticed by some employers, to bring their own devices to work as a way to spur productivity and as a quick approach to making the workforce more mobile.

But now the reality is setting in and "bring your own device" (BYOD) is viewed as fraught with security challenges with many BYOD devices housing hundreds of apps that aren't "enterprise ready," reveals a Netskope report.

In fact the report notes a whopping 88 percent of cloud apps employed within a BYOD environment aren't safe for the enterprise environment, with about 15 percent of employee credentials being compromised and approximately 25 percent of cloud-based files being shared with outsiders.

The security outlook is more than a bit grim, says Netskope CEO Sanjay Beri.

"A decade ago, companies issued laptops to users with tightly controlled access to a handful of enterprise applications," Beri told Tech Times. "Today, people and lines of business are pretty much free to use whatever apps they want from the devices they choose -- or they do without permission."

Netskope's latest study (registration required) compiled anonymized statistics from tens of billions of events relating to cloud apps that were used by millions of users. The study found an average of 614 cloud apps were in use at a given organization and approximately 88 percent aren't secure enough for the enterprise environment.

"Think about what that does to enterprise risk -- it means that IT no longer controls where corporate data are going," says Beri. "It means users whose account credentials have been compromised in a breach are using those credentials in other apps, some of them business-critical. And it means apps that aren't enterprise-ready are touching important business systems."

That is evidenced in the rise of the average number cloud apps in use and the conditions fostering a higher frequency of enterprise breaches. There is no denying that security lapses will only increase in 2015.

"Organizations who embrace the way technology is consumed, seek to understand their own risk, and put controls around access and usage of these cloud and mobile technologies will mitigate risk and reduce the chances and magnitude of a security incident," Beri says.

Netskope's Chief Architect, Ravi Ithal, offered up five tips for getting a better handle on cloud app security. Here is an abridged version:

1. Discover all of your business-critical cloud apps.

2. Secure access to your business-critical apps with multifactor authentication.

3. Consider using single sign-on for business-critical apps.

4. Ensure you can go back after suspicious activity and easily construct an audit trail on activity with business-critical cloud apps.

5. Keep an eye out for anomalies. Excessive downloads or shares or out-of-the-ordinary access patterns may signal compromised credentials.

ⓒ 2018 All rights reserved. Do not reproduce without permission.
Real Time Analytics