Cloud Apps Safe For Work
One-third of Fortune 1000 Employees Share Sensitive Company Data with Third-Party Apps; IBM Cloud Security Enforcer Helps Organizations to See, Manage and Secure Usage Across Public and Hybrid Cloud Environments
ARMONK, New York – September 18, 2015 – IBM today announced new cloud security technology that helps safeguard the increasing use of “bring your own” cloud apps at work. Cloud Security Enforcer will help companies gain visibility into all third-party cloud apps, accessed as a service by their employees, providing a secure way to use them, and enables companies to control which corporate data can and cannot be shared with the apps.
Cloud Security Enforcer helps companies address a potentially significant security exposure, as they currently only have visibility into a fraction of the apps used by their workforce. New research from IBM found that one-third of employees at Fortune 1000 companies are sharing and uploading corporate data on third-party cloud apps. Employees today are increasingly engaging in risky practices on these tools, such as signing in with their personal email addresses, using weak passwords or re-using corporate log-in credentials.
While the cloud offers greater productivity, security tradeoffs can result in the loss of control of corporate data, and the inability of companies to protect employees’ identities.
Millennials Lead Cloud Adoption, Recognizing Need for Easier Access, Better Productivity
IBM’s study of employees at Fortune 1000 companies also found that millennial employees, who will make up half of the worldwide workforce by 20201, are the biggest users of cloud apps outside of their companies’ policies. According to the study, over half (51 percent) of this demographic is using cloud services at work. Additionally, one in every four employees is also linking these apps to his or her corporate log-in and password, leaving vast loopholes through which hackers can gain access to company networks.
The challenge of employees doing these rogue activities on unsanctioned apps, known as “Shadow IT”, results in companies losing control over and visibility into sensitive data, and is further compounded by circumstances that can exacerbate a loss of control.
For example, an employee could use her personal email to set up an account on a third-party, file-sharing app, to which she would then upload her team’s sales contacts in order to see them on her mobile device. While this unapproved use would give her flexible access to this data, it presents a major challenge if she decided to take another position at a competitor. Although she would no longer have access to the data and networks monitored by her former employer’s IT team, she would still have visibility into the data uploaded into that app – presenting a potentially tremendous competitive problem.
IBM Cloud Security Enforcer Launches to Help Enable Safer Use of Unsanctioned Apps
Hosted on IBM Cloud, IBM’s new Cloud Security Enforcer is a cloud-based tool that can scan a corporate network, find the apps employees are using, and provide a more secure way to access them. Building on IBM’s existing partnership with Box, which offers users strengthened security when sharing files via mobile devices and the web, IBM has also built connectors into Box’s leading file-sharing cloud app for Cloud Security Enforcer.
In addition to Box’s app, IBM has built secure connectors for other popular and commonly used apps used at work, including tools from Microsoft Office 365, Google Apps, Salesforce.com and more.
This catalog of app connectors is constantly expanding, and features added security checks on the integrity and safety of apps being used by employees. These checks are done with the deep threat analytics from IBM X-Force, IBM’s global threat intelligence network. This platform is manned by a vast, global network of security analysts around the world, and monitors the internet for malicious activity and emerging attacks, based on an analysis of more than 20 billion global security events daily. This security intelligence allows IT teams to quickly react to emerging threats on cloud apps being used by employees; blocking and taking action against the ones which may present a risk.
Built by IBM Security, the technology helps organizations to reduce the challenges of shadow IT, defend against malicious actors looking to prey on unsafe cloud app usage, and realize the productivity and efficiency benefits of using cloud apps more securely. This is achieved by four core capabilities which:
- Detect unauthorized cloud app usage among employees, enabling companies to determine and securely configure the apps employees want to use, as well as manage, view and direct how employees are using and accessing them.
- Determine and enforce what organization data can/cannot be shared by employees with specific third-party cloud apps.
- Connect employees instantly to third-party cloud apps through security-rich connectors, including automatically assigning sophisticated passwords, helping to alleviate security breaches caused by human error (95% of all incidents2), such as weak passwords.
- Protect against employee-induced and cloud-based threats through analysis of real-time threat data from IBM’s X-Force Exchange.
With the release of Cloud Security Enforcer, IBM continues to deliver on its commitment to extend clients’ control, visibility, security and governance inherent to their hybrid cloud environments. In doing so, IBM is providing increased data portability in a more secure way across environments.
To read the full research results of how employees are using cloud apps, visit https://securityintelligence.com/.
To learn more about Cloud Security Enforcer, visit http://ibm.co/1Ka28d5.
About IBM Security
IBM’s security platform provides the security intelligence to help organizations holistically protect their people, data, applications and infrastructure. IBM offers solutions for identity and access management, security information and event management, database security, application development, risk management, endpoint management, next-generation intrusion protection and more. IBM operates one of the world’s broadest security research and development, and delivery organizations. For more information, please visit www.ibm.com/security, follow @IBMSecurity on Twitter or visit the IBM Security Intelligenceblog.
1. Gallup Poll: http://www.gallup.com/poll/183074/millennials-trusting-safety-personal-information.aspx
2. IBM X-Force Threat Intelligence Quarterly; Q1 2015
About the Survey
These are findings from an Ipsos poll conducted on behalf of IBM, fielded July 27 – 31st, 2015. For the survey, a sample of 1,001 U.S. adults employed full-time at Fortune 1000 companies was interviewed online. The precision of Ipsos online polls is measured using a credibility interval. In this case, the poll has a credibility interval of plus or minus 3.5 percentage points for all employees. The data was weighted to the U.S. current population data by gender, age, region and household income, based on U.S. Census data.
Disclaimer: IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.