Netskope Report Reveals High Frequency of Compromised Credentials in Enterprise Cloud Apps

- 15 percent of corporate users have had their credentials compromised

- A quarter of all files in cloud storage apps are shared with one or more people outside of the organization

- Organizations have 613 cloud apps in use on average, more than 88 percent of which are not enterprise-ready

- More than 20 percent of organizations have more than 1,000 cloud apps in use

News provided by

Jan 08, 2015, 08:00 ET

LOS ALTOS, Calif., Jan. 8, 2015 /PRNewswire/ -- Netskope, the leader in safe cloud enablement, today released the January 2015 Netskope Cloud Report™ that monitors enterprise cloud app usage and trends. The report shows a continued increase in cloud app usage across enterprises, as well as the high volume at which files are being shared outside of a given organization. Most notably, the report finds that as many as 15 percent of business users have had their credentials compromised. Since up to half of users re-use passwords for multiple accounts, the likelihood of users logging into business-critical apps with these credentials is high, putting business-sensitive data at risk.

Enterprises are continuing to adopt cloud apps at a fast pace, with an average of 613 cloud apps per organization in Q4, up from 579 the previous quarter. Based on aggregated, anonymized data from the Netskope Active Platform, which provides discovery, deep visibility, and granular control over any cloud app, the report's findings are based on tens of billions of cloud app events seen across millions of users between October and December 2014. 88 percent of apps in use are not enterprise ready, scoring a "medium" or below in the Netskope Cloud Confidence Index^TM[1] (CCI). Additionally, the report found more than 20 percent of organizations in the Netskope cloud actively use more than 1,000 cloud apps, and eight percent of files in corporate-sanctioned cloud storage apps are in violation of data leak prevention (DLP) policies, including PHI, PCI, PII, source code, and other policies covering confidential or sensitive data.

"2014 left an indelible mark on security -- between ongoing high-profile breaches and the onslaught of vulnerabilities like Shellshock and Heartbleed, CSOs and CISOs had more on their plate than ever," said Sanjay Beri, CEO and founder, Netskope. "These events underscore the sobering reality that many in the workforce have been impacted by data breaches and will subsequently use compromised accounts in their work lives, putting sensitive information at risk. Employees today have shifted from thinking of apps as a nice-to-have to a must-have, and CISOs must continue to adapt to that trend to secure their sensitive corporate and customer data across all cloud apps, including those unsanctioned by IT."

Growth of Compromised Accounts

This quarter, the Cloud Report is augmented by analysis of compromised accounts. Due to a significant increase in data breaches and leaks from a host of major corporations, websites, and cloud apps, a growing number of users log into business apps using compromised credentials that have been stolen as part of a data hack or exposure. As many as 15 percent of users have had their credentials compromised in a prior data exposure, and many of those users re-use passwords even to log into apps that contain business-sensitive information.

Top 10 Categories of Cloud Apps in the Enterprise

Consumer, prosumer apps and line-of-business apps are all used heavily in enterprises, and the vast majority of apps in each of these categories are not enterprise-ready. Marketing, Finance/Accounting and Human Resources were the categories with the highest number of non-enterprise ready cloud apps – those rating at a "medium" or below in the CCI.

	Category	Number per Enterprise	Percent Not Enterprise-Ready
1	Marketing	67	96%
2	Collaboration	43	84%
3	Human Resources	38	93%
4	Productivity	36	89%
5	Finance/Accounting	31	95%
6	Cloud Storage	28	72%
7	CRM/SFA	25	92%
8	Software Development	25	87%
9	Social	18	76%
10	IT/Application Management	16	73%

Top-Used Apps in Business

The top 20 apps used by enterprises, based on distinct app sessions, reflects all cloud app access points tracked by the Netskope Active Platform, which includes perimeter device (e.g., firewalls, gateways, etc.) log analysis and real-time visibility of campus PC, remote PC, and mobile device (e.g., smartphones, tablets). Cloud Storage and Social categories dominate, as Enterprise File Sync and Share (EFSS) vendors vie for market share.

	Cloud App	Category
1	Google Drive	Storage
2	Facebook	Social
3	YouTube	Consumer
4	Twitter	Social
5	Google Gmail	Webmail
6	iCloud	Storage
7	Dropbox	Storage
8	LinkedIn	Social
9	Microsoft OneDrive	Storage
10	Box	Storage & Collaboration
11	Salesforce.com	CRM/SFA
12	WebEx	Collaboration
13	Evernote	Productivity
14	Microsoft Office 365	Collaboration
15	Pinterest	Consumer
16	LivePerson	Call Center
17	HubSpot	Marketing
18	Amazon CloudDrive	Storage
19	Yammer	Social
20	Concur	Finance/Accounting

Top Policy Violations and the Rise of DLP

Based on a normalized set of apps, categories, and activities, the five cloud app categories with the highest volume of policy violations^{^[2]} include Cloud Storage, Webmail, CRM and SFA, Social, and Collaboration. DLP policy violations involving the upload of data outnumber violations involving the download of data by nearly three to one, while eight percent of content files contain DLP violations, irrespective of when content was uploaded. Twenty five percent of all files are shared with one or more people outside of the organization; 40 percent are shared within the organization and 35 percent are private. Of external users who have links to content, nearly 12 percent have access to 100 files or more.

Violation

Download

Upload

View

Delete

Edit

Create

Netskope Resources

To download the Netskope Cloud Report™: www.netskope.com/netskope-cloud-report
To learn more about how to gain visibility into enterprise cloud apps and how to ensure they are secure and compliant, visit: www.netskope.com/product
For the latest commentary and insight on trends from the Netskope team, visit the Netskope blog: www.netskope.com/blog

About Netskope

Netskope™ is the leader in safe cloud enablement. Only the Netskope Active Platform™ provides discovery, deep visibility, and granular control of sanctioned and unsanctioned cloud apps. With Netskope, IT can direct usage, protect sensitive data, and ensure compliance in real-time, on any device, including native apps on mobile devices and whether on-premises or remote, and with the broadest range of deployment options in the market. With Netskope, businesses can move fast, with confidence. Serving a broad customer base including leading healthcare, financial services, high technology, and retail enterprises, Netskope has been named to CIO Magazine's top 10 cloud security startups and featured in such business media as CBS News, Wall Street Journal, and Forbes. Netskope is headquartered in Los Altos, California. Visit us at www.netskope.com and follow us on Twitter @Netskope.

[1] The Netskope Cloud Confidence Index™ is a database of more than 5,000 cloud apps that are evaluated on 40+objective enterprise-readiness criteria adapted from the Cloud Security Alliance, including security, auditability, and business continuity. The results of the evaluation are normalized to a 0−100 score and mapped to five levels ranging from "poor" to "excellent."

[2] Volume of policy violations is measured as number of times a defined policy or set of policies are triggered by that combination of parameters being met.

Media Contact
Matt Coolidge
Bateman Group for Netskope
347-410-7974
[email protected]

Photo - http://photos.prnewswire.com/prnh/20150108/167690-INFO

SOURCE Netskope