The cloud offers a host of benefits, from reduced costs and greater flexibility to increased storage, mobility and collaboration. According to a report issued today by Los Altos, Calif.-based Netskope, a cloud security services provider, the average enterprise now hosts 917 cloud apps, up from 755 in the third quarter last year — a 21 percent increase.
While the magnitude of the upsurge may be a surprise, what’s probably not is that marketing apps predominate.
After all, marketing pros have been in the business of self-service IT since the time of mainframes. Stories are legion of sales and promotion executives of yesteryear hiding servers beneath their desks where they couldn’t be discovered by IT. And while marketing apps may not include sensitive data, many do hold personally identifiable information (PII) about users, their web use and their buying preferences, which could cause problems when General Data Protection Legislation (GDPR) is enacted in Europe.
Finger-Shaking or Real Trouble?
With millennials entering the workplace, and with “there’s an app for that” and collaborative thinking the new default, enterprise IT managers have their hands full. While that might have been reason for some finger-shaking in days past, uploading, syncing and sharing data across endpoints makes room for a whole new set of problems.
The Netskope report calls it the “fan-out” effect.
The survey, which gleaned its insights from millions of respondents, reports that 94 percent of cloud apps used by employees aren’t enterprise-grade. And of those that are, 4.1 percent contain malware.
This suggests a problem not with the app itself, but as a by-product of activities where data may not be protected at the appropriate level during uploads, downloads and sync and share activities, all of which hold the potential of multiplying across devices.
While we may typically think of cloud storage apps when we hear sync and share, there’s a great deal of collaboration going on elsewhere.
Collaboration Beyond Cloud Storage
Human Resources (HR) apps are the second most prevalent cloud app activity in the enterprise, according to the survey, which also indicated that download is the second predominant activity among them.
Problems could arise when sensitive employee data from HR apps gets uploaded into cloud storage. Though users engaged in such activities may be doing so for completely legitimate purposes (such as analyzing performance data, compensation data, and such), it could represent a serious PII violation.
Business Intelligence (BI) app users share data profusely, it seems, here again with good intentions. But after sharing and viewing come uploads, and with them the potential for trouble again.
While finance apps weren’t typically found in the cloud until recently, they’re wonderful for activities like authorizing payments, expense reporting and approvals, execution of subscription renewals and such.
Here edit is the top activity. What’s worth noting is that these activities are often considered “systems of record” and need to be carefully governed: tracking actual and attempted log-ins and logouts is a must, and data modification activity must be carefully considered.
3 Things Enterprise IT Can Do
Beyond policy enforcement in the cloud, Sanjay Beri, CEO of Netskope, recommended bringing users into the security fold through coaching rather than simply blocking the use of a cloud app. Why? Because the “latter approach almost never works.”
He added that his team regularly hears from customers that “coaching users of unsanctioned apps to their sanctioned alternatives, such as Microsoft Office 365, achieves far greater security and productivity results among employees and avoids creating a ‘culture of no.’”
“IT leaders can take charge by ensuring administrative privileges, access controls, activities governance and data security based on individual users and cloud apps, rather than painting a broad stroke and simply blocking apps,” said Beri.
Second, given that unsanctioned apps represent the majority of an enterprise’s total cloud app footprint (at 95 percent), Beri noted that IT may have an even larger scope of cloud app-based malware in enterprises than initially realized.
“IT leaders must know what apps live in their network -- including unsanctioned apps -- and continuously scan for malware (both at rest in or en-route to or from cloud apps) in order to prevent the spread of malware through the sync and share mechanisms present in the cloud storage apps they use.”
Finally, given GDPR, which affects not only companies in Europe but also those that do business there, it’s critical that enterprises pay close attention to the data in their cloud apps.
“The stark reality is that most apps do not even come close to meeting GDPR requirements of preventing personal data from being stored in ways that violate security policies. Enterprises know this too!” said Beri, noting that a recent Netskope study showed that only one in five companies are confident they will comply with the GDPR. “IT can begin tackling this challenge by discovering apps, negotiating data processing agreements and instituting mitigating controls,” he said.
Apps in the cloud are pretty much a no-brainer, but the way forward is not without risk. You need to control, secure and care for your data, and keep the malware from coming in.