I hate to get on a soap box, but most businesses are behaving as though the increased use of office cloud applications like O365, Google Docs, Box, CRM, accounting, and marketing has no effect on their business security posture. The assumption that use of applications from multiple vendors stored on multiple uncontrolled servers is somehow safe is not very realistic. Some form of cloud application security is surely needed.
The reality: Each additional cloud application used increases the possibility that your data is being hacked, stolen or misused.
Don’t just take my word for it.
A recent report found that 55% of companies completely rely on cloud app service providers to provide all of the security for those apps. Furthermore, 53% of employees now use their own personal devices in the office to connect to cloud apps.
Why is that a problem?
As a recent article in InfoWorld pointed out, while cloud providers typically deploy security controls to protect their environments, individual organizations are responsible for the cloud application security of their own data. With more than 30% of business data and business critical apps now hosted in the cloud (and many IT departments unaware of many of them), this has created a situation where many organizations have unknowingly ceded control of data access, storage, and usage.
Are IT Leaders Blind to the Need for Cloud Application Security?
Unfortunately, many executives and IT leaders seem unaware of the significant risks this presents. Instead of rushing to improve business security posture, they continue to act as though the only data they need to protect is the data that’s on their internal servers.
That’s just not true.
Here are just a few of the obvious risks of failing to secure cloud application data on cloud apps like Office365, Google Docs, Box, and other automation solutions (CRM, marketing automation, etc.):
- With cloud applications, data is stored on multiple servers that your company doesn’t control
- Cloud apps can be accessed through third-party servers via any Web browser in any location
- IT leaders have no real visibility into what’s going on
- Companies don’t have visibility into which application are used by whom
- There are little controls on user access to these applications especially “shadow applications”
- There are few control as to how users can use your data to interact with cloud applications
Ultimately, this lack of cloud application security control leads to a much bigger problem: It makes your organization non-compliant with every security regulation in existence. Without proper security, vendor cloud servers are subject to hacking, internal breaches, lack of strong access control, third-party app API risks, user account hijacking, APT threats, data corruption malware, and many other disastrous situations.
A Simple Fix to a Big Problem
Unfortunately, it might take another high-profile data loss on third-party app servers for companies to wake up (remember Apple’s iCloud hack and Dropbox being sued for inadequate data encryption security?). Google Drive and Salesforce have also been subjects of data leaks and cyber-attacks.
Instead of waiting around for one of those disasters to strike your business, here’s my advice: Perform a cloud risk assessment to determine which apps your organization is using (even the ones you don’t know your employees are using (shadow applications).
Once that’s complete, you can go about the process of defining solutions to limit, controlling usage, securely storing your data, and performing ongoing monitoring — all of which will give you the control you need to ensure your business (and its data) is safe.
Don’t wait until it’s too late. It’s best to start down the road to cloud application security now before you lose your data, uptime, or control.
Contact us to get a cloud shadow application risk assessment to see what apps your employees are using. You will be surprised.