Malware attacks businesses as they sleep and cloud remains a threat, researchers say

Cloud adoption may be on the rise, but for the enterprise, so is the risk of using such services.
Written by Charlie Osborne, Contributing Writer

Hundreds of cloud services are being used within the enterprise, but cloud remains a serious security risk as corporations send vast amounts of data to high-risk services every quarter.

Cloud security software firm Skyhigh Networks has released its latest quarterly Cloud Adoption and Risk Report (.PDF), which claims that hundreds of cloud services are being used within organizations, and that risk comes not only from business-based cloud use but also from employees.

After analyzing data from 10.5 million cloud computing users worldwide across areas including the financial sector, education, tech, media and retail, the firm found that the average company sent 80 gigabytes of data to high-risk cloud services this quarter — roughly equating to 177,224 Word documents — and Amazon Web Services, Office 365 and Salesforce top the enterprise cloud service list. Facebook, Twitter and Apple's iCloud are the top three consumer-based apps used in the enterprise, bringing the total average number of cloud services used by each company to 738, which is down from 759 in the previous quarter.

A total of 3,816 unique cloud services was identified in use overall.

Dropbox, Google Drive and Box are the most popular applications used for content sharing, and Office 365, Gmail and Cisco Webex are now the enterprise's top choices for collaboration.

Skyhigh Networks says that consolidation to low-risk, enterprise-ready services is a good thing, as the data shows that the majority of the 3,861 services in use lack basic security features, which puts organizations at risk. The firm says that only 9 percent of services used are "Skyhigh Enterprise-Ready," meaning that they satisfy stringent requirements for data protection, identity verification, service security, business practices, and legal protection.

Only 11 percent encrypt data at rest, only 16 percent provide multi-factor authentication, and only 4 percent are ISO 27001 certified.

Despite a trend to low-risk services, the average company sent 80GB of data to high-risk services in the last quarter alone.

Interestingly, the report notes a shift in malware patterns: 987 malware incidents were recorded between 8am and 8pm, and 2,157 occurred between 8pm and 8am. While it makes sense that campaigns might take place when there is less focus on the network, Skyhigh notes that these attacks may be easier to detect if security analytics are used, and the case "illustrates the importance of real-time alerts and close monitoring." This may also indicate higher hacking activity in countries with opposite time zones.

The industries at the most risk are technology, healthcare and financial, most likely due to the valuable data that can be extracted from networks — including trade secrets, financial details and client information.

Rajiv Gupta, CEO of Skyhigh Networks, commented:

"With every CAR Report, we include the data from more and more companies, making the statistics and findings richer every quarter. Rather than relying on survey data that measures mainly perception, this report highlights findings on actual usage data collected from customers throughout the world. We hope this data helps all stakeholders — employees, IT and cloud service providers — to accelerate the secure adoption of cloud services within their organisation."
