Cloud App Woes: No GDPR Compliance, Malware Triples

Cloud App Woes: No GDPR Compliance, Malware Triples

When it comes to cloud apps, about three-quarters of them lack key capabilities to ensure compliance with the European Union General Data Protection Regulation (GDPR) new research has revealed. And, there’s been a three-fold increase in malware in cloud apps since January.

According to the June 2016 Netskope Cloud Report on enterprise cloud app usage and trends, with full GDPR implementation less than two years away, many enterprise cloud apps have a significant amount of catching up to do before the deadline.

Out of the more than 22,000 apps tracked in the report, a full 75% fail to comply with the regulation’s data privacy mandate, which include requirements for core security features, like deleting personal data in a timely manner, and for data portability. Failure to comply will impose significant penalties on enterprises: $22 million or up to 4% of annual worldwide revenue, whichever total is greater.

Cloud adoption is carrying on apace though. The report also found that in the first quarter of 2016, employees used, on average, 935 cloud apps in any given organization. Within specific verticals, financial services companies had the highest number of cloud apps in use, averaging 1,046 per business. This was followed by manufacturing, which had 1,021 cloud apps in use per business.

“The shift to the cloud presents an increasing complexity and volume of security challenges for enterprises, including regulations like the EU GDPR,” said Sanjay Beri, CEO and founder of Netskope. “With the deadline for compliance looming, complete visibility into and real-time control over app usage and activity in a centralized, consistent way that works across all apps is paramount for organizations to understand how they use and protect their customers’ personal data.”

Aside from privacy compliance, the research uncovered other issues. For instance, the vast majority (94.6%) of the apps being used in the workplace are not enterprise-ready and lack key functionalities such as security, audit and certification, service-level agreement, legal, privacy, financial viability and vulnerability remediation.

Worse, Netskope found that 11% of enterprises have sanctioned apps laced with malware, meaning that number has nearly tripled since the previous quarter.

The majority of malware detected were JavaScript exploits and droppers (63.3%), which are increasingly used to deliver ransomware that encrypts users’ files or entire systems. The remainder consisted of Microsoft Office macros (21.3%), backdoors (4.9%), mobile malware (4.3%), and spy- and adware, Mac malware, and other malware at 3.2%, 2.7%, and less than 1%, respectively. Nearly three-quarters (73.5%) of these detections were categorized as “severe.” More than a quarter (26.0%) of malware was detected in files that had been shared with others, demonstrating the ease of propagation and risk of malware in the cloud.

Photo © Shutter_M

Source: Information Security Magazine