It’s that time of year again. It seems to come round faster and faster! Netskope have released their State of the Cloud report, compiling the most interesting trends on cloud service and web usage based on aggregated, anonymised data from the Netskope Platform.
The findings are based on usage seen across millions of users in hundreds of global accounts and the data is from 1st February through to 30th April 2019.
The full report is available here, but here are the juicy bits for you to get your teeth into…
The Impact of Cloud Services on Enterprise Web Traffic
Cloud services account for the vast majority – 85% – of all web traffic flowing across enterprise internet connections and, increasingly, the line between cloud services and what Netskope refer to as the broader web is blurry.
Netskope’s definition of cloud services is that the service ‘must be designed for multi-tenant support, require a login to access the service, and provide the ability to store and process data’.
In their Cloud Confidence Index, they track over 36,000 cloud services, including the most popular such as Office 365, all of Google’s apps and Box, as well as consumer-focused cloud services such as Facebook, Twitter and YouTube.
Netskope Says: It’s important for businesses and organisations of all sizes to monitor the mix of web traffic going to cloud services and make an assessment whether they have the correct controls in place to ensure that all traffic – cloud and web – is properly secured.
The Top Policy Violations for Cloud & Web
In enterprise cloud services, the top policy violations detected in the Netskope Platform were DLP policy violations, cloud activity policy violations and anomalous activity violations. For traditional web traffic, the top three were acceptable use policy violations, malicious site violations and malware detections.
Netskope Says: Given that cloud services are by nature bi-directional, and given the large volume of data moving out of in-house servers and into the cloud, it came as no great shock that DLP violations came out top. They recommend that ‘businesses identify sensitive data and prevent its movement to specific cloud services. The second most common policy violation for cloud traffic—cloud activity violations—underscores our recommendation to safely enable cloud services by carving out specific risky activities.’
Web traffic, which is primarily inbound, has its own set of inherent risks. Again, it was no great shock that acceptable use policy violations (users trying and failing to access inappropriate websites at work) were at the top of the list. For both cloud services and web access, they recommend that businesses ‘implement a set of inline and API-based capabilities to address the key requirements of cloud and web traffic, including DLP and granular, activity-level controls for cloud traffic and acceptable use policy controls and threat detection for web traffic.’
The Top 20 Cloud Services List
Naturally, cloud storage and collaboration apps comprise the vast majority of the list, and as a CTO or similar, your focus should be on the security policies for these apps. Of course, it’s also important to keep an eye on how employees are using social media to ensure that their personal use doesn’t lead to unwanted security or compliance issues.
1. Microsoft Office 365 SharePoint
2. Google Drive
3. Microsoft Office 365 OneDrive for Business
4. Microsoft Office 365 Outlook.com
6. Google App Suite
10. Amazon S3
15. Microsoft Teams
16. Microsoft OneDrive
18. Microsoft Office 365 Suite
Multiple App Instances Drive Heavy Cloud Traffic
This is driven in part by the personal use of social media platforms in the office such as Facebook, Twitter, Instagram and the like but also by the multiple use of the 365 suite of products inside and outside of the organisation.
The key point for businesses is that, with so many instances of cloud services being used across the organisation, a more granular, user-specific policy is required to ensure their secure and compliant use.
Netskope Says: We have long recommended that organisations need to define and enforce different policies for the different versions of cloud services being used. You might allow sensitive business information to be stored in your sanctioned version of Microsoft Office 365 OneDrive for Business or Box, but restrict that information from personal or business partner instances of those cloud services.
On average, the number of app instances in an organisation is as follows:
Facebook – 112
Yahoo Mail – 111
Gmail – 99
Box – 78
Google Drive – 52
Slack – 46
Keep an eye on who’s doing what.
Guess How Many Cloud Services An Enterprise Uses…
No, you’re wrong. It’s a staggering 1,296 (up 3.9% from 1,246 in October 2018) and businesses should be acutely aware that 96.3% of them aren’t ‘enterprise ready’, earning a rating of “medium” or below in the Netskope Cloud Confidence Index.
Interestingly, for the first time in 2019, marketing apps overtook HR apps for the top spot. Given the exposure of customer data in marketing apps and employee data in HR apps, ‘both categories should be carefully monitored and are good candidates for DLP and access controls to secure any sensitive data stored in these cloud services.’
The full report is well worth a read and it highlights the need for a more secure cloud.
Here at Koncise, we are full-throated advocates of cloud security and, as we keep saying, or rather as Netskope do: world-class, enterprise-level online security is no longer a choice. It’s an absolute necessity.
Contact us today on firstname.lastname@example.org or call 020 7078 0789 and we’ll talk cloud security, how to prevent data breaches, cutting-edge IT solutions or what’s better, smooth orange juice or OJ with bits in. Whatever you want.