Compromised Credentials: A Risk for Your Business-Critical Cloud Apps

Compromised Credentials: A Risk for Your Business-Critical Cloud Apps

Blog Article Published: 01/08/2015

By Krishna Narayanaswamy, Chief Scientist, Netskope 8-percent-dlp-violationWe are excited to announce the release of the January Netskope Cloud Report  today. In it, we have our standard stuff – the latest cloud adoption numbers (this quarter, we report an average of 613 cloud apps per enterprise), as well as observed aggregate activities in our Active Platform, including which activities (such as “edit,” “share,” and “download”) constitute the highest number of policy violations and across what app categories. Every quarter we focus more deploy on an area of cloud security, and this quarter we reveal early findings from research we have been conducting around compromised account credentials. We have noticed that a growing number of enterprise cloud users are logging into their cloud apps using login names and passwords that have been stolen as part of a data hack or exposure. Based on our research, we estimate that 15 percent of users have had their account credentials compromised. Given that many people (as many as half, or even more in some reports) reuse their passwords for multiple accounts, and a high number of your enterprise users log into your popular cloud-based apps like Salesforce, Box, Dropbox, Concur, and WebEx, chances are your most business-critical apps are being accessed with compromised credentials. Even if you’re diligent about protecting those apps, you may not be able to detect the access. There’s another related risk: While conscientious IT professionals have taken steps to protect their sanctioned corporate apps, many haven’t done anything to protect unsanctioned, departmental apps, some of which are highly used and important to the business. Based on our aggregated, anonymized data, we estimate that at least 13.5 percent of organizations’ apps are at the intersection of unsanctioned and business-critical. Those apps are usually not protected by single sign-on, nor is multi-factor authentication enforced in them, and they are at risk of being accessed by users with compromised credentials. Read more about this risk in the Netskope Cloud Report, and learn what actions you can take to protect your apps on our blog.

Share this content on your favorite social network today!