Cloud Security in Question

Friday, September 9, 2016 @ 02:09 PM gHale


Cloud usage is gaining strength, but questions remain regarding the security of the environment.

While the report focuses on enterprise systems, the manufacturing automation sector needs to be alert because once malware infiltrates, it is possible to filter down to the plant floor.

RELATED STORIES
Big Data Works in Fighting Breaches
Working to Detect Attacks in Real Time
Cleaning Up Big Data
Chip Designed to Ferret Out Trojans

In one report, 43.7 percent of malware found in enterprise cloud apps have delivered ransomware, and 55.9 percent of malware-infected files found in cloud apps end up shared publicly, said researchers at Netskope. As a point of reference, Cloud usage is increasing as enterprises have 977 cloud apps in use, up from 935 last quarter, the researchers said.

For the third straight quarter, Netskope Threat Research Labs examined the presence of malware in enterprises, finding there are on average 26 pieces of malware found in cloud apps across a given organization. It appears, 56 percent of malware-infected files in cloud apps end up shared with internal or external users, or shared publicly.

Of the malware types detected, 43.7 percent are common ransomware delivery vehicles, including Javascript exploits and droppers, Microsoft Office macros and PDF exploits. These ransomware attacks are often initially delivered through phishing and email attacks, but within cloud environments, infected and encrypted files can quickly spread to other users through cloud app sync and share functionality in what is known as the fan-out effect.

Among the top-20 most used apps, Microsoft continues to lead with Office 365 Outlook.com and OneDrive for Business beating out their counterparts from other vendors in session volume. Microsoft productivity apps are the number one and two most popular apps.

Supporting the idea enterprises are adopting new collaboration tools, Slack entered the top 20 most popular apps for the first time. Slack is a solution that enables users to centralize all notifications, from sales to tech support and social media. Security teams will need to prioritize this trend and pay close attention to sensitive information shared within collaboration apps, and prioritize visibility into and control over the apps with which Slack integrates and shares data.

Netskope found enterprises, on average, have 977 cloud apps in use – up from 935 last quarter. However, 94.7 percent of those apps are not “enterprise-ready” according to the Netskope Cloud Confidence Index scoring system. That means they lack key functionalities such as security, audit and certification, service-level agreement, legal, privacy, financial viability, and vulnerability remediation.