The cloud is having a measurable impact on business – IT departments are migrating to cloud services in order to take advantage of faster time-to-market, reduced operational costs, and reduced IT spending and maintenance costs. In addition, employees are rapidly adopting cloud services to help them do their jobs with greater mobility. Productivity is soaring, and this interconnectivity has given rise to a new economy: the cloud economy.
The seventh installment of our quarterly Cloud Adoption and Risk (CAR) Report presents a hard data-based analysis of enterprise cloud usage. With cloud usage data from over 17 million enterprise employees spanning all major verticals using the McAfee (formerly Skyhigh Networks) CASB platform, this report is the industry’s most comprehensive and authoritative source of information on how employees are using cloud services. And, this latest edition expands its scope to include the risk to enterprises from business partners connected through the cloud.
You can download the full report here. In addition to popular recurring features such as the Top 20 Enterprise Cloud Services and the Ten Fastest-Growing Applications, the latest report contains several eye-opening findings including the extent of cyber risk from partner connections.
8% of Partners Are High-Risk, but Receive 30% of Data
A number of attributes can classify a partner as high-risk, including being affected by malware of botnets, having compromised identities for sale on the darknet, suffering from a breach, or being exposed to vulnerabilities such as POODLE. High-risk partners receive 30% of all data shared with partners — a disproportionately large amount.
58 “Super Partners” Are Connected to Over 50% of Enterprises
Many partners are well connected among the largest organizations, meaning a vulnerability within a single partner could have far-reaching consequences. The risk of these super partners is higher than overall rate, with 12.5% considered high-risk. Top super partners include pest control, IT services, software, equipment manufacturing, hospitality, and consulting companies.
One Partner Has Over 9,000 Compromised Identities and 200 Devices with Malware
The report gives the risk attributes for several example partners. One airline had 9,716 credentials for sale on the darknet and 209 devices infected with malware. A financial services technology provider had 1,216 compromised identities across 19 darknet sites. An advertising agency had 1,565 compromised identities for sale across 29 darknet sites. All three partners are still vulnerable to POODLE.
Enablers of the Cloud Economy
Certain cloud services stand out as hyper-connectors, enabling the most partner connections. The top cloud connectors in the customer support category are Zendesk, Salesforce, and GrooveHQ. For file sharing, Sharefile, Box, and Wiredrive are the top connectors. In the collaboration category, the top connectors are Cisco WebEx, Slack, and Office 365.
Highest Risk Partner Categories
Not all partner categories are equal when it comes to risk. Telecommunications companies had the highest percentage of high-risk businesses, at 30% — double the rate of the tenth highest-risk category, Travel. Security teams should pay special attention to interactions with partners falling into the categories on this list.
About the Author
Categories: Cloud Security