Data Proliferation Creates Risk as Business Use of Personal Apps Continues to Rise


The use of cloud applications within organizations has continued to grow, already increasing by 35% since the start of 2022, with an average enterprise of 500 to 2,000 users downloading, creating, sharing or storing data in 138 different applications and using an average of 1,558 distinct cloud applications. apps every month.

That’s according to Netskope, a specialist in Security Service Edge (SSE) and Zero Trust, which has published new research detailing the proliferation of cloud applications used in enterprises around the world.

The ‘Netskope Cloud and Threat Report: Cloud Data Sprawl’ found that more than one in five users (22%) download, create, share or store data in personal apps and personal instances, along with Gmail, WhatsApp, Google Drive, Facebook, WeTransfer, and LinkedIn ranking among the most popular personal apps and instances.

A personal app, such as WhatsApp, is an app that only sees personal usage of personal accounts. A personal instance is a personal account of an application that is also managed by the organization. For example, the personal Gmail account of someone in an organization that uses Google Workspaces is a personal instance.

Additionally, underscoring a continuing insider risk trend, the report found that one in five users (20%) uploaded an unusually high amount of data to these personal locations in the 30 days prior to leaving an organization, which represents a 33% increase over the same period last year.

Ray Canzanese, Director of Threat Research at Netskope Threat Labs, said: “Cloud applications have helped increase productivity and enable hybrid working, but they have also caused an increasing proliferation of data that puts organizations at risk. sensitive data.

“Personal applications and instances are of particular concern, as users retain access to data stored in these instances even long after leaving an organization. Proactive security measures – especially policy controls that limit access to data sensitive to only authorized users and devices and prevent the uploading of sensitive data to personal applications and personal instances – can help reduce the risk of loss or exposure of sensitive data.

Additional key findings from the report include:

  • Use of personal apps is lowest in financial services, highest in retail: the financial services sector is most successful in limiting the flow of data in apps and personal instances, with less one in 10 (9.6%) users do so, while nearly four in 10 (39.1%) of retail users upload data to apps and personal instances.
  • More users than ever are downloading, creating, sharing or storing data in cloud apps: The percentage of users with data activity in cloud apps increased from 65% to 79% in the first five months of 2022 , along with Cloud Storage, Collaboration, and Webmail applications rank among the top categories of cloud applications used within organizations.
  • Organizations use many applications with overlapping functionality: of the 138 applications for which an organization with 500 to 2,000 users downloads, creates, shares or stores data, there are on average four webmail applications, seven applications cloud storage and 17 collaboration apps. This overlap can lead to security issues, such as misconfigurations, policy drift, and inconsistent access policies.

“Organizations are usually surprised when they find out how many overlapping applications they are using. Gaining this visibility is an important step in helping to curb the proliferation of the cloud and reduce the risks it poses. on sensitive data. Once you know how data is accessed, you can begin to enforce policies that reduce data risk without compromising productivity. Data security and productivity don’t have to be a compromise.” , concluded Canzanese.

Netskope Cloud and Threat Spotlight is produced by Netskope Threat Labs, a team comprised of the industry’s leading cloud threat and malware researchers who discover and analyze the latest cloud threats affecting businesses. Results are based on anonymized usage data between January 1 and May 31, 2022 and relating to a subset of Netskope customers with prior authorization.

Key words: applications, cybersecurity


Comments are closed.