mercredi 26 août 2015

One percent of employees account for 75 percent of cloud risk

Cloud risk

Cloud security specialist CloudLock has released a new report looking at the risks of user behavior to businesses using cloud systems.

It reaches the startling conclusion that just one percent of users account for 75 percent of the security risk. The top one percent of users are responsible for 57 percent of file ownership, 81 percent of files shared, 73 percent of excessively exposed files and 62 percent of app installations.

Understanding the composition of this one percent of users is crucial for security teams. Often it includes super-privileged users and software architects, as well as machine-based identities (such as applications with programmatic access) that grant access privileges and archive data.

A similar imbalance also shows in cloud-based collaboration. While organizations on average collaborate with 865 external parties, just 25 of these account for 75 percent of cloud-based sharing. Also, 70 percent of external file sharing occurs with non-corporate email addresses which security teams have little control over.

Risky installs are a problem too. Many cloud applications support integration with third-party applications, outside the network and undetectable via traditional security tools, such as proxy- or gateway-based solutions. These apps may be targeted by cybercriminals as entry points to organizations. CloudLock research reveals that 52,000 instances of applications are installed by highly privileged users -- this represents a high risk given that privileged accounts are highly coveted by malicious cybercriminals.

"Cyber attacks today target your users -- not your infrastructure. As technology leaders wake up to this new reality, security programs are being reengineered to focus where true risk lies: with the user," says CloudLock CEO and co-founder Gil Zimmermann. "The best defense is to know what typical user behavior looks like - and, more importantly, what it doesn't".

You can read more in the full report which is available to download from the CloudLock website.

Image Credit: Creativa Images / Shutterstock



Aucun commentaire:

Enregistrer un commentaire