Netskope Cloud Report: A Look at Compromised Credentials

We released the Netskope Cloud Report for January today. In it, we report the latest numbers for cloud app adoption, with an average of 613 cloud apps per enterprise, as well as a host of other goodies, like top-used apps, activities that constitute a policy violation, and percentage of content-at-rest in sanctioned cloud storage that violates organizations’ data loss prevention profiles like PII and PCI.

Every quarter we drill a little deeper beyond our standard statistics into an area of cloud security, from activities like sharing to mobile cloud usage. This quarter, we highlighted some research that we are conducting around compromised account credentials. We have noticed that a growing number of enterprise cloud users are logging into their cloud apps using login names and passwords that have been stolen as part of a data hack or exposure. Based on our research, we estimate that 15 percent of users have had their account credentials compromised.

One fact that exacerbates this situation is that many people reuse their passwords for multiple accounts. Research suggests that as many as half of all users, and often more, do this. Combine that with the fact that a high number of your enterprise users log into your popular cloud-based apps like Salesforce, Box, Dropbox, Concur, and WebEx. Even if you’re diligent about protecting those apps, the chances are high that one of those users is logging into your business-critical apps with compromised credentials, even if the compromise had nothing to do with those apps or your protection of them.

How can you protect your business-critical apps given this situation? We recommend five things:

• Discover all of your business-critical cloud apps. As you move to secure all of the cloud apps that you deem important or house sensitive data, reach beyond apps you know. IT typically underestimates cloud usage by about 90 percent. Of course, not all apps in use are going to be business-critical. But some are. Before applying security controls, make sure you identify which apps need protection.
• Secure access to your business-critical apps with multi-factor authentication. Ensure that users accessing your apps are really who they claim to be, and be able to prove it after the fact.
• Consider using single sign-on for your business-critical apps. SSO will enable you to easily manage access to your most important apps and will take password guesswork out of your users’ hands, all while making their lives easier.
• Monitor granular user and admin activities. Ensure that you can go back after suspicious activity and easily construct an audit trail on who did what in your business-critical cloud apps. This means who downloaded client records from Salesforce, who shared sensitive content from your sanctioned cloud storage app, and so on.
• Keep an eye out for anomalies. Excessive downloads or shares or out-of-the-ordinary access patterns may signal compromised credentials. Make sure you are watching for anomalies across all of your cloud apps, especially your business-critical ones, and that you instrument in alerts so you can take immediate action.

It’s nearly impossible to protect your users from having their credentials compromised. But there are some very clear steps you can take to protect your most business-critical apps and the data they house. Learn more about this topic and other cloud usage statistics in the Netskope Cloud Report.