Netskope revealed new research showing the continued growth of malware delivered by cloud applications and also the potential for critical data exfiltration tied to employees departing their jobs, among a range of increasing cloud application security risks.

The findings are part of the July 2021 Netskope Cloud and Threat Report, the latest installment of Netskope Threat Labs' biannual research analyzing critical trends in enterprise cloud service and app use, web and cloud-enabled threats, and cloud data migrations and transfers. As pandemic restrictions change, enterprises and their workers confront decisions on whether to stay home, return to the office, or change jobs. The July report found that some departing employees present disproportionately significant cloud security risks. In their last 30 days of employment, workers have been proven to be uploading three times more data than usual to personal cloud apps. 

Douglas Murray, CEO at Valtix, says, "What the Netskope Cloud and Threat Report correctly highlights is that public cloud security should be front of mind for all enterprises. In 2020, we saw a massive inflection point as cloud spend exceeded on-prem data center spend. With this comes the importance of securing cloud access, networks and applications. Cloud delivered malware is at a record high and even employees come into the mix by copying company data to personal could apps. This is why policies such as DLP to prevent exfiltration are so important. Companies need to prevent employees form copying data from corporate S3 buckets or Google drives to personal S3 buckets or Google drives by using network based access controls with an additional layer of DLP checks looking for critical data. The cloud can be very powerful. But it can also create significant corporate risk if not managed correctly."

Key Findings

Based on anonymized data collected from the Netskope Security Cloud platform across millions of users from January 1, 2021 through June 30, 2021, key findings of the report include:

  • Employees attempt to exfiltrate significant amounts of work data before they depart their jobs. Some departing employees upload three times more data to personal apps in the last 30 days of employment. Google Drive and Microsoft OneDrive personal instances are the most popular targets.

  • 97% of cloud apps used in the enterprise are shadow IT, unmanaged and often freely adopted.

  • Third-party app plugins pose serious data risks. The report shows 97% of Google Workspace users have authorized at least one third-party app access to their corporate Google account potentially exposing data to third parties due to scopes like "View and manage the files in your Google Drive."

  • Uptick in cloud environments that are exposed to the public creates opportunities for attackers. More than 35% of all workloads are exposed to the public internet within AWS, Azure, and GCP, with RDP servers - a popular infiltration vector for attackers - exposed in 8.3% of workloads.

  • Cloud-delivered malware is growing and reached an all time high. Cloud-delivered malware has increased to an all-time high of 68% with cloud storage apps accounting for nearly 67% of that cloud malware delivery and malicious Office docs now accounting for 43% of all malware downloads.

  • A return to the office hasn't quite started yet. Research indicates that 70% of users continue to work remotely as of the end of June 2021. At the beginning of the COVID-19 pandemic in March 2020, we saw a sudden and dramatic shift to remote work, from 30% of users working remotely before the pandemic to 70% working remotely soon after COVID-19 restrictions began to take hold.

Joseph Carson, chief security scientist and Advisory CISO at ThycoticCentrify, says, "The change to a hybrid work environment last year meant that security needed to evolve from being perimeter and network-based, to one that is focused on cloud, identity and privileged access management. Organizations must continue to adapt and prioritize managing and securing access to the business applications and data, such as that similar to the BYOD types of devices, and that means further segregation networks for untrusted devices but secured with strong privileged access security controls to enable productivity and access. Organizations are looking to a zero trust strategy to help reduce the risks resulting from a hybrid working environment which means to achieve a zero trust strategy organizations must adapt the principle least privilege that enables organizations to better control user and application privileges elevating only authorized users."

"Cloud-applications and third-party plug-ins accelerate work; instead, the key underlying problem organizations care about is to secure data. That is, to ensure that specific regulated data doesn't end up in unauthorized applications, and that allowed data in these applications is tightly access-controlled," says Mohit Tiwari, Co-Founder and CEO at Symmetry Systems. "On the plus side, cloud- and SaaS-services all provide knobs to control access, so a data-security service that can overlay data security -- access control, classification, monitoring -- across cloud- and SaaS-services could allay security concerns that stem from using modern enterprise tools."

Get the full Netskope Cloud and Threat Report here.