Majority of Apps not Ready for EU General Data Protection Regulation

Quarterly report on enterprise cloud app usage also sees percentage of enterprises with sanctioned cloud apps laced with malware nearly triple

Netskope, the leading cloud access security broker, today announced the release of the June 2016 Netskope Cloud Report™ on enterprise cloud app usage and trends. According to the report, in the first quarter of 2016, employees used, on average, 935 cloud apps in a given organization, a slight increase from the previous report. The report focuses on cloud app readiness for the European Union General Data Protection Regulation (GDPR) and found that three-quarters of apps lack key capabilities to ensure compliance. In addition, the report found that 11 percent of enterprises have sanctioned apps laced with malware, a nearly threefold increase from the prior report.

With full GDPR implementation less than two years away, many enterprise cloud apps have a significant amount of catching up to do before the deadline. Seventy-five percent of the more than 22,000 apps tracked in the report fail to comply with the regulation’s data privacy mandate, which includes requirements for core security features, like deleting personal data in a timely manner, and for data portability. Failure to comply will impose significant penalties on enterprises: $22 million or up to four percent of annual worldwide revenue, whichever total is greater.

“The shift to the cloud presents an increasing complexity and volume of security challenges for enterprises, including regulations like the EU GDPR,” said Sanjay Beri, CEO and founder of Netskope. “With the deadline for compliance looming, complete visibility into and real-time control over app usage and activity in a centralized, consistent way that works across all apps is paramount for organizations to understand how they use and protect their customers’ personal data.”

Netskope created a unique methodology to determine GDPR compliance scores. A series of factors, including data retention, privacy and protection, were used to score apps on a scale of 1-100, with a higher score indicating GDPR compliance readiness. Among the more than 22,000 apps analyzed in the report, 27.8 percent scored “low” when it comes to GDPR readiness, 47.6 percent scored “medium” and only 24.6 percent scored “high.”

Other Significant Report Findings

Percentage of Enterprises with Malware-Laced Sanctioned Cloud Apps Nearly Triples
For the second consecutive quarter, the report examined the percentage of enterprises that have sanctioned apps containing malware. This figure has nearly tripled from the previous cloud report, increasing from 4.1 percent to 11.0 percent. This shift indicates that cloud apps are a growing and particularly vulnerable threat vector for enterprises.

The majority of malware detected were JavaScript exploits and droppers (63.3 percent), which are increasingly used to deliver ransomware that encrypts users’ files or entire systems. The remainder consisted of Microsoft Office macros (21.3 percent), backdoors (4.9 percent), mobile malware (4.3 percent), and spy- and adware, Mac malware, and other malware at 3.2 percent, 2.7 percent, and less than 1 percent, respectively. Nearly three quarters (73.5 percent) of these detections were categorized as “severe.” More than a quarter (26.0 percent) of malware was detected in files that had been shared with others, demonstrating the ease of propagation and risk of malware in the cloud.

Microsoft Maintains Lead in Enterprise App Usage
Microsoft continues to dominate the enterprise cloud productivity and storage app markets, claiming seven of the top 20 apps used by Netskope customers. Microsoft Office 365’s Outlook.com (web mail) and OneDrive (cloud storage) apps come in at numbers two and three, respectively, after Facebook, which claims the top spot. OneDrive for Business outranks Google Drive and Apple iCloud Cloud Storage apps, showing Microsoft remains the go-to for enterprise apps.

Cloud Storage Apps Continue to Lead in Cloud Data Loss Prevention (DLP) Violations
Cloud storage apps continue to dominate cloud DLP violations, accounting for 73.6 percent of all violations, followed by web mail at 22.1 percent. Downloads account for the majority of DLP violations (over 50 percent), followed by upload and send. While protected health information (PHI) was the most common cloud DLP violation last fall, the June 2016 report saw personally identifiable information (PII) take the lead at 44.0 percent.

Breakdown of Cloud Apps By Industry
The report found an average of 935 cloud apps in use per enterprise, a two percent increase from the previous quarter. The vast majority of these apps, 94.6 percent, are not enterprise-ready and lack key functionalities such as security, audit and certification, service-level agreement, legal, privacy, financial viability, and vulnerability remediation. Within specific verticals, financial services companies had the highest number of cloud apps in use, averaging 1,046 per business. This was followed by manufacturing, which had 1,021 cloud apps in use per business.

|   | Industry Group | Number of Cloud Apps Per Enterprise |
|---|----------------|-------------------------------------|
| 1 | Financial Services, Banking and Insurance | 1,046 |
| 2 | Manufacturing | 1,021 |
| 3 | Healthcare and Life Sciences | 976 |
| 4 | Technology and IT Services | 954 |
| 5 | Retail, Restaurants and Hospitality | 626 |

Average Cloud Apps per Enterprise by App Category
Apps in the marketing and collaboration categories had the highest number of cloud apps per enterprise. While more marketing apps are in use, collaboration apps are proving to be more ready for enterprise security standards: 90 percent are not enterprise-ready while 97 percent of marketing apps are not enterprise-ready. In addition to the marketing category, the large majority of productivity, human resources and finance/accounting apps are not enterprise-ready.

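| Category | Average # of Apps Per Enterprise | Percentage of Apps Not Enterprise-Ready |
|----------|----------------------------------|-----------------------------------------|
| Marketing | 97 | 97 |
| Collaboration | 64 | 90 |
| Finance/Accounting | 56 | 97 |
| Productivity | 53 | 99 |
| Human Resources | 48 | 97 |
| CRM and SFA | 35 | 96 |
| IT/Application Management | 29 | 95 |
| Software Development | 28 | 92 |
| Social | 23 | 90 |
| Cloud Storage | 27 | 76 |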

Author: Dylan Jones
