As organisations move more of their data to the cloud the risk from shadow IT in the form of connected third-party apps grows greater.
New research from CloudLock CyberLab, the security intelligence part of the CloudLock security platform, finds that 27 per cent of third-party apps are classified as high risk. This means cyber criminals could gain programmatic access to corporate platforms and impersonate end users.
With a 30x increase in apps from 5,500 to nearly 160,000 between 2014 and 2016, this represents a large number of potential backdoors through which hackers can infiltrate and steal sensitive corporate assets. The report also finds that more than half of apps are now banned in organisations due to security concerns.
"The shift to the cloud creates a new, virtual security perimeter that includes third-party apps granted access to corporate systems," says CloudLock director of customer insights and analytics Ayse Kaya Firat. "Today, most employees leverage a wide variety of apps to get their jobs done efficiently, unwittingly exposing corporate data and systems to malware and the possibility of data theft".
Among other findings are that on average, an organisation's users connect 733 third-party apps to the corporate environment. When adjusted for size of organisation technology, media and education enterprises are the biggest users of apps.
CloudLock has produced a Cloud Application Risk Index (CARI) based on trust ratings from over 750 organisations' IT security teams, as well as application access scopes and research-based vulnerability intelligence. Businesses can use this to whitelist good apps or ban potentially risky ones. This coupled with a policy on acceptable application use can significantly reduce the risk level for a business.
More detail is available in the full report which you can download from the CloudLock site.