Malware attacks businesses as they sleep and cloud remains a threat, researchers say

Malware attacks businesses as they sleep and cloud remains a threat, researchers say

Summary: Cloud adoption may be on the rise, but for the enterprise, so is the risk of using such services.

TOPICS: Cloud, Security

Hundreds of cloud services are being used within the enterprise, but cloud remains a serious security risk as corporations send vast amounts of data to high-risk services every quarter.

Cloud security software firm Skyhigh Networks has released its latest quarterly Cloud Adoption and Risk Report (.PDF), which claims that hundreds of cloud services are being used within organizations, and that risk comes not only from business-based cloud use but also from employees.

After analyzing data from 10.5 million cloud computing users worldwide across areas including the financial sector, education, tech, media and retail, the firm found that the average company sent 80 gigabytes of data to high-risk cloud services this quarter — roughly equating to 177,224 Word documents — and Amazon Web Services, Office 365 and Salesforce top the enterprise cloud service list. Facebook, Twitter and Apple's iCloud are the top three consumer-based apps used in the enterprise, bringing the total average number of cloud services used by each company to 738, which is down from 759 in the previous quarter.

A total of 3,816 unique cloud services was identified in use overall.

Dropbox, Google Drive and Box are the most popular applications used for content sharing, and Office 365, Gmail and Cisco Webex are now the enterprise top choice for collaboration.

Skyhigh Networks says that consolidation to low-risk, enterprise-ready services is a good thing, as the data shows that the majority of the 3,861 services in use lack basic security features, which puts organizations at risk. The firm says that only 9 percent of services used are "Skyhigh Enterprise-Ready," in other words, satisfy stringent requirements for data protection, identity verification, service security, business practices, and legal protection.

Only 11 percent encrypt data at risk, only 16 percent provide multi-factor authentication, and only 4 percent are ISO 27001 certified.

Despite a trend to low-risk services, the average company sent 80GB of data to high-risk services in the last quarter alone.

Interestingly, the report notes a shift in malware patterns. 987 malware incidents were recorded between 8am - 8pm, and 2,157 occurred between 8pm - 8am. While it makes sense that campaigns might take place when there was less focus on the network, Skyhigh notes that these attacks may be easier to detect if security analytics are used, and the case "illustrates the importance of real-time alerts and close monitoring." This may also indicate higher hacking activity in countries with opposite time zones.

The industries at the most risk are technology, healthcare and financial, most likely due to the valuable data that can be extracted from networks — including trade secrets, financial details and client information.

Rajiv Gupta, CEO of Skyhigh Networks commented:

With every CAR Report, we include the data from more and more companies, making the statistics and findings richer every quarter. Rather than relying on survey data that measures mainly perception, this report highlights findings on actual usage data collected from customers throughout the world. We hope this data helps all stakeholders — employees, IT and cloud service providers — to accelerate the secure adoption of cloud services within their organisation.

Topics: Cloud, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • there's a point here... maybe more...

    Security software form releases report that security software is needed... also states brand x cloud providers are more insecure while name brand cloud providers are more secure... mostly. Its all in the report if you know where to look.
  • The "Cloud"

    The "cloud" is for lack of a better phrase a hacker's wet dream. Unless you believe that these cloud services posses some kind of magic when it comes to security that has so far eluded the rest of the world. As the old adage says "don't keep all your irons in one fire".