According to Forrester Research, the overall number of businesses using the Cloud has increased from 10 per cent to 33 per cent since 2013. Figures from 451 Research suggest that spend on Cloud services is expected to increase from an average of 28 per cent of IT budgets last year to 34 per cent this year.
The reasons for the continued rise in Cloud adoption include the ready availability of new migration tools which help system transfer process run smoothly, and improving perceptions surrounding Cloud security. Over the past 18 months, cloud based security solutions have improved noticeably, drawing favourable comparisons with established on premises malware and firewall products.
However, according to Cisco’s 2017 Annual Cybersecurity Report, the Cloud still represents a main gateway through which cybercriminals gain access to business It systems – though not necessarily through official enterprise Cloud deployments.
The report found that a major problem is being caused by employees downloading third party web based applications. According to the findings, the availability of such apps in the workplace more than doubled from October 2015 to October 2016, from 108,000 unique applications to 222,000. Of those, it found that 27 per cent posed a high security risk to enterprise systems.
Employees might download messaging apps, collaboration tools or industry specific software plug ins with the best of intentions, to help them work more productively and stay connected with colleagues. But as many of these apps carry Open Authentication (OAuth) protocols, they give the app access to the host’s systems infrastructure and data stores as soon as they are downloaded.
The worst examples with no in built controls then give an access point through the company’s security barriers out into the Cloud. Cybercriminals can exploit this to get into the system, view and act on data stores, or even mimic legitimate users.
According to Cisco, awareness of such threats remains very low.
The issue here is not that the Cloud is not safe for business use. It is more an issue of understanding user behaviour in a changing digital landscape, and identifying where that poses risks.
Indeed, official, controlled Cloud deployment may be one of the solutions for countering the threats from unauthorised apps. Here are 5 ways you can shore up your business’s defences:
1. Educate staff
Cyber security training should be revisited regularly and continually updated according to the latest advice. Explaining to people the security risks of downloading third party applications without authorisation will help change behaviours.
2. Update your Acceptable Use Policy
Make it clear what the policy is for downloading apps ad hoc, what procedures should be followed if staff want to do it, and what the sanctions are for not following the policy.
3. Review Software Deployment
If your employees are downloading apps at work, it is probably because they offer something they find helpful. Keep an open forum for staff to make suggestions about new applications they think would benefit them in their job. One of the great benefits of Cloud SaaS systems is you can easily add new modules within your official infrastructure, so staff should never need to download their own apps.
4. Consolidate Security Systems
According to Cisco, the average business uses anything between 6 and 50 IT security products. This in itself creates gaps, through which breaches created by new applications can slip undetected. Consolidating everything into a single security infrastructure makes it much easier to monitor systems comprehensively.
5. Consult Your Provider
For all Cloud software solutions, always consult your provider. They are in the best position to advise you on what to add to your infrastructure and how, and they have the expertise to manage everything securely.