Cloud security could be the biggest risk your workplace faces

Cloud Security
(Image credit: laymanzoom / Shutterstock)

As cloud computing usage in the workplace grows, so do related cybersecurity threats, new research has warned.

A report from Secure Access Service Edge (SASE) provider Netskope claims malware delivered via cloud apps now accounts for more than two-thirds (68%) of all malware delivered to businesses.

Furthermore, malicious Office documents now make up almost half (43%) of all malware downloads. At the same time, cloud app usage is growing, rising by almost a quarter (22%) in the first half of 2021 alone, with the average company now using 805 distinct apps and cloud services.

However, of those apps, almost all - 97% - are shadow IT, which could be posing a significant security problem.

Another major issue is managing sanctioned cloud applications and IaaS. At the moment, more than a third (35%) of all workloads within AWS, Azure, and Google Cloud Platform are “unrestricted”, meaning they’re free for viewing, to anyone who knows where to look.

Using corporate Google credentials as a convenient shortcut to log into third-party apps, something 97% of businesses allegedly do - is also another major attack opportunity, the report further claims. This shortcut requires third-party app access to various permissions, and if users allow access to view and manage Google Drive files, that places all those files at risk.

Insider threats

Insiders also present a major threat to the cybersecurity posture of an organization, as many departing employees usually take significant amounts of data with them. According to the report, employees that are in their final 30 days with the company, upload three times more data to personal apps, with 15% of that data originating either from a corporate app, or directly violates corporate data policy.

These employees mostly pick up the files from Google Drive or Microsoft OneDrive.

For Ray Canzanese, Threat Research Director at Netskope, in order to mitigate these threats, enterprises should “rethink security” based on the reality of cloud application use. Businesses should opt for a security architecture that provides context for apps, cloud services and web user activity, and that applies zero-trust controls.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.