Cloud security firm Skyhigh Networks has released its Cloud Adoption and Risk Report for Q1 2015, with some unsettling findings in terms of the risks businesses are taking.
The report is compiled by analysing real-world cloud usage over some 17 million employees, and for the first time in this sixth report, it delved into the risk to enterprises posed by business partners connected via the cloud. This follows a spate of recent data breaches which have been the fault of a third-party, of course.
The headline stat was that an enterprise has, on average, 1,555 partners connected through the cloud, and that 8 per cent of these partners are labelled ‘high risk’, with 30 per cent of an organisation’s total data assets shared with those risky partners.
A high risk partner, incidentally, is one suffering from malware attacks, or a breach itself, or a third-party with gaping vulnerabilities which haven’t been patched or properly dealt with.
Skyhigh Networks also observed there was a breed of ‘super-partner’ companies – 58 of these in total – and they’re connected to more than half the enterprises out there. Naturally, a vulnerability in one of these super-partners could have a massive domino effect in terms of data leakage.
The situation is more worrying still, because a greater percentage – 12.5 per cent, or one in eight – of these is labelled as high risk. They include IT services and software firms, but also organisations like pest control. Skyhigh Networks cited one airline partner that had 209 devices infested with malware, and 9,716 credentials up for sale on the Darknet – and it was still vulnerable to Poodle (and not alone in that respect).
Sekhar Sarukkai, co-founder and VP of Engineering at Skyhigh Networks, commented: “Security of any enterprise is only as strong as its weakest link and recent breaches have shown that partners are often the weakest link. Therefore, enterprises must have visibility into the security risks of their business partners so they can take the necessary steps to protect themselves.”
You can check out the full report here.