Malware delivered by cloud applications continues to grow, according to new research released Tuesday by Netskope, which also showed 97% of cloud apps used in the enterprise are shadow IT, unmanaged and often freely adopted.
The research found that cloud-delivered malware has increased to an all-time high of 68%, with cloud storage apps accounting for nearly 67% of that cloud malware delivery — and malicious Microsoft Office docs accounting for 43% of all malware downloads.
Ray Canzanese, threat research director at Netskope, said the survey points out that enterprises must rethink security based on the reality of cloud application use.
“They should favor a security architecture that provides context for apps, cloud services, and web-user activity, and that applies zero-trust controls to protect data wherever and however it's accessed,” Canzanese said.
The survey also found that more than 35% of all workloads are exposed to the public internet within AWS, Azure, and the Google Cloud — and RDP servers — a popular infiltration vector for attackers — are exposed in 8.3% of workloads.
Cloud-applications and third-party plug-ins accelerate work, but they also create security issues, said Mohit Tiwari, co-founder and CEO of Symmetry Systems.
“On the plus side, cloud- and SaaS-services all provide knobs to control access, so a data-security service that can overlay data security — access control, classification, monitoring — across cloud- and SaaS-services can allay security concerns that stem from using modern enterprise tools,” Tiwari said.
The change to a hybrid work environment last year meant that security needed to evolve from being perimeter and network-based to one that’s focused on cloud, identity and privileged access management, said Joseph Carson, chief security scientist and Advisory CISO at ThycoticCentrify.
“Organizations are looking to a zero trust strategy to help reduce the risks resulting from a hybrid working environment, which means to achieve a zero trust strategy companies must adapt the least privilege that enables organizations to better control user and application privileges elevating only authorized users,” Carson explained.