Cloud Usage Risk Report
The Adallom Cloud Risk Report is published annually, detailing actionable insights and information mined from the Adallom subscriber base. This specific report incorporates analysis of cloud application usage for over one million enterprise SaaS enabled users traversing four dominant SaaS platforms: Salesforce, Box, Google Apps, and Office 365 between October 2013 and October 2014.
This report is the first of its kind to detail application usage patterns and risky behaviors for the top SaaS applications used by businesses. The key findings in this report reaffirm the need for a new approach to data governance, risk management, and security in the context of cloud adoption. Perimeter and endpoint security solutions provide minimal protection against new, emerging, and largely unknown risks. Therefore, enterprises need to proactively invest in new controls like Identity and Access Management (IAM) solutions and Cloud Access Security Brokers.
Key findings include:
- In the cloud zombies are real: 11% of all enterprise SaaS accounts are "zombies," inactive assigned users that are at best eating up the cost of a license, and at worst increase the attack surface of the organization.
- More admins, more problems: Every administrative account represents a real and present risk to the enterprise. In some SaaS applications Adallom recorded an average of 7 administrators out of every 100 users.
- 80% of companies have at least one former employee whose SaaS application credentials have not been disabled: De-provisioning continues to plague organizations, credential creep makes the problem unwieldy.
- 19% of users bypass Identity and Access Management controls: Rebalancing the enterprise security portfolio from exclusively preventative controls to blended risk management based compensating controls is necessary.
- 5% of an average company’s private files are publicly accessible: The productivity gains of SaaS adoption come at the cost of reduced legacy control effectiveness and purview, it’s time to refresh enterprise governance controls.
- The average company shares files with 393 external domains: Accountability and liability for the distribution of enterprise data, especially privileged data continue to challenge IT in the cloud era.
- 29% of employees share an average 98 corporate files with their personal email accounts: Personal sharing of enterprise data manifests both governance and security risks.
- Think of the orphans: An average of 6% of files in cloud services are orphans. Of those, approximately 70% were created by users outside the company, and 30% by terminated employees or former contractors.
- 37% of our customers discovered they stored more cloud data in Salesforce than any other cloud storage service: Although Salesforce has a secure storage layer, its information governance controls are limited.
Please read the attached whitepaper.