Apps That Violate IT Policy – What and How?

Apps That Violate

Over the last two days we’ve looked at  whether or not Shadow IT is a opportunity or a threat, and the security risks that unapproved apps pose to businesses and organisations. To conclude the mini-series, today we look at a new report that’s been released by Netskope. The ‘Netskope Cloud Report’ typically compiles the most interesting trends on cloud app adoption and usage based on aggregated, anonymised data from the Netskope Active Platform.

The key theme in the Q3 report for 2014 is how mobile devices have been using the cloud. They note that more than half of all ‘send’ or ‘approve’ activities occur on mobile, and a shockingly high number of activity-based policy violations also occur on the platform. The most frequent offenders aren’t social, but largely “prosumer” apps – demonstrating that IT departments are still finding it difficult to move employees on to a single, approved app for a single, specific purpose.

Enterprise Ready

In total, businesses are using on average a mammoth 579 cloud apps, of which a worryingly high 88.7 percent are not enterprise ready – failing to meet standards in either security, auditability, or business continuity. To reinforce the belief that Shadow IT is spiralling out of control, Netskope cite one business which used more than 3,000 apps. As we discussed on Monday, this is a huge problem for IT departments, especially given more than one-third of all policy violations are currently occurring via mobile apps.

With the exception of ubiquitous apps such as Dropbox and Evernote, line-of-business apps are the most common. Marketing apps are the most common (60 per business), then human resources (36), finance/accounting (29), and CRM (24). Of those apps, the threat posed to an organisation’s security is vast – 98 percent of marketing apps are not enterprise ready, 96 percent of HR, 98 percent of finance and 91 percent of CRM.

Policy violations can take many forms – ranging from downloading personally-identifiable information from an HR app to a mobile device, to alerting when users share documents in cloud storage apps with someone outside of the company. With 44 percent of all download activities occurring on mobile devices, and with 40 percent of all sharing happening via mobile, it’s quickly apparent why IT departments struggle to track, update and manage the Shadow IT within an organisation.

In terms of the apps with the largest volume of policy violations, the top five categories which offend most frequently are cloud storage, CRM, collaboration, HR, and finance. From these categories, the five activities which most frequently constitute policy violations are logins, views, downloads, edits and uploads.

Top 10 App Violators

The top ten apps that violate IT policy were also highlighted in the report. The high usage of these apps by employees should provide yet another serious concern for IT departments.

NS-Cloud-Report-Oct14-IG-00_001

By Dan Price

Patrick Joggerst

Living on the Edge: The New Real-Time Communications Security Risks

Real-time communications Security Risks As more and more people have been forced to work remotely due to the global public health crisis, collaboration platforms have ...
Fahim Kahn

The 5 Biggest Hybrid Cloud Management Challenges—And How to Overcome Them

Hybrid Cloud Management Challenges The benefits of the cloud—reduced costs, greater IT flexibility, and more—are well-established. But now many organizations are moving to hybrid cloud ...
David Gevorkian

Why Web Accessibility is Important and How to Avoid Lawsuits

Why Web Accessibility is Important In today’s digitally driven world, those with disabilities are normally the ones experiencing difficulties when using and navigating the web ...
Sangeeta Chhabra

What Accountants Should Know About The Cloud

Cloud Accounting Cloud technology has been at the top of the charts of new-age technologies for a long time now. Almost every industry in the ...
Hacker Cloud

Pandemic and Cybersecurity: Top Threats to Businesses

Pandemic and Cybersecurity The worldwide spread of the COVID-19 virus is coming to naught (or at least we hope so). But the impact that this ...
Anita Raj

Will there be a normal to go back to after COVID-19?

The COVID-19 Aftermath Until November last year, not one of us would have expected life to take such a dramatic turn in as short as ...
Data Bed.png