The cloud offers a host of benefits, from reduced costs and greater flexibility to increased storage, mobility and collaboration. According to a report issued today by Los Altos, Calif.-based Netskope, a cloud security services provider, the average enterprise now hosts 917 cloud apps, up from 755 in the third quarter last year —  a 21 percent increase.

While the magnitude of the upsurge may be a surprise, what’s probably not is that marketing apps predominate.

After all, marketing pros have been in the business of self-service IT since the time of mainframes. Stories are legion of sales and promotion executives of yesteryear hiding servers beneath their desks where they couldn’t be discovered by IT. And while marketing apps may not include sensitive data, many do hold personally identifiable information (PII) about users, their web use and their buying preferences, which could cause problems when General Data Protection Legislation (GDPR) is enacted in Europe.

Finger-Shaking or Real Trouble?

With the advent of millennials entering the workplace and “there’s an app for that” and collaborative thinking the new default, Enterprise IT managers have their hands full. While that might have been reason for some finger-shaking in days past, uploading, syncing and sharing data across endpoints makes room for a whole new set of problems. 

The Netskope report calls it the “fan-out” effect.

The survey, which gleaned its insights from millions of respondents, reports that 94 percent of cloud apps used by employees aren’t enterprise-grade. And of those that are, are 4.1 percent contain malware.

This suggests a problem not with the app itself, but as a by-product of activities where data may not be protected at the appropriate level during uploads, downloads and sync and share activities, all of which hold the potential of multiplying across devices.

While we may typically think of cloud storage apps when hear sync and share, there’s a great deal of collaboration going on elsewhere.

Collaboration Beyond Cloud Storage

Human Resources (HR) apps are the second most prevalent cloud app activity in the enterprise, according to the survey, which also indicated that download is the second predominant activity among them. 

Problems could arise when sensitive employee data from HR apps gets uploaded into cloud storage. Though users engaged in such activities may be doing so for completely legitimate purposes (such as analyzing performance data, compensation data, and such), it could represent a serious PII violation.

Business Intelligence (BI) Apps users share data profusely it seems, here again, with good intentions, but after sharing and viewing come uploads, potential for trouble again.

While finance apps haven’t been typically found in the cloud, until recently, they’re wonderful for activities like authorizing payments, expense reporting and approvals, execution of subscription renewals and such. 

Here edit is the top activity. What’s worth noting is that these activities are often considered as “systems of record” and need to be carefully governed — tracking, actual and attempted log-ins and logouts are a must and data modification activity must be carefully considered.

Learning Opportunities

Webinar
Learn how to optimize your digital customer journey
Jun
6
The Future of Social Media: Emerging Trends and How to Stay Ahead of the Curve
The impact of emerging technologies like AI on social media
Webinar
What it takes to do personalization well
Jun
7
The Building Blocks of Personalization
This webinar will explore how personalization can create powerful ecommerce shopping experience.
Webinar
Review necessary steps to protect your business
Jun
8
Attracting—and Keeping—Your High-Net-Worth Investors
Join PwC to dissect their recent survey findings on a specific customer subset — high-net-worth investors.
Webinar
Discover the challenges that contact centers, AX, and CX face and how CAI-assisted applications can help solve them
Jun
13
The Future of Contact Centers with AI at the Helm
Learn how to balance human intuition and interaction with the potential uses of AI to create delightful and lasting CX
Webinar
What data should be collected to achieve meaningful engagement
Jun
20
3 Steps to Unlock Your Customer Data and Drive Revenue
Discover how Twilio Segment’s #1 Customer Data Platform helps implement data-driven strategies.
Webinar
AdobeStock_100712730
On demand
AI for Marketers: Optimize Personalization Across the Funnel
Understand the benefits of utilizing AI across your entire marketing stack
Webinar
Learn how to optimize your digital customer journey
Jun
6
The Future of Social Media: Emerging Trends and How to Stay Ahead of the Curve
The impact of emerging technologies like AI on social media
Webinar
What it takes to do personalization well
Jun
7
The Building Blocks of Personalization
This webinar will explore how personalization can create powerful ecommerce shopping experience.
Webinar
Learn how to optimize your digital customer journey
Jun
6
The Future of Social Media: Emerging Trends and How to Stay Ahead of the Curve
The impact of emerging technologies like AI on social media
Webinar
What it takes to do personalization well
Jun
7
The Building Blocks of Personalization
This webinar will explore how personalization can create powerful ecommerce shopping experience.
Webinar
Review necessary steps to protect your business
Jun
8
Attracting—and Keeping—Your High-Net-Worth Investors
Join PwC to dissect their recent survey findings on a specific customer subset — high-net-worth investors.
Webinar
Learn how to optimize your digital customer journey
Jun
6
The Future of Social Media: Emerging Trends and How to Stay Ahead of the Curve
The impact of emerging technologies like AI on social media

3 Things Enterprise IT Can Do

Beyond policy enforcement in the cloud, Sanjay Beri, CEO of Netskope, recommended bringing users into the security fold through coaching rather than simply blocking the use of a cloud app. Why? Because the “latter approach almost never works.”

He added that his team regularly hears from customers that “coaching users of unsanctioned apps to their sanctioned alternatives, such as Microsoft Office 365, achieves far greater security and productivity results among employees and avoids creating a “culture of no.”

“IT leaders can take charge by ensuring administrative privileges, access controls, activities governance and data security based on individual users and cloud apps, rather than painting a broad stroke and simply blocking apps,” said Beri.

Second, given that unsanctioned apps represent the majority of an enterprise’s total cloud app footprint (at 95 percent), Beri noted that IT may have an even larger scope of cloud app-based malware in enterprises than initially realized.

“IT leaders must know what apps live in their network -- including unsanctioned apps -- and continuously scan for malware (both at rest in or en-route to or from cloud apps) in order to prevent the spread of malware through the sync and share mechanisms present in the cloud storage apps they use”.

Finally, GDPR, which affects not only companies in Europe but also those that do business there, it’s critical that they pay close attention to the data in their cloud apps.

“The stark reality is that most apps do not even come close to meeting GDPR requirements of preventing personal data from being stored in ways that violate security policies.  Enterprises know this too!” said Beri, noting that a recent Netskope study showed that only one in five companies are confident they will comply with the GDPR. “IT can begin tackling this challenge by discovering apps, negotiating data processing agreements and instituting mitigating controls,” he said.

Apps in the cloud are pretty much a no-brainer, but the way forward is not without risk. You need to control, secure, care for and control your data, and keep the malware from coming in.

Title image "Fortress" (CC BY-ND 2.0) by  HelloImNik