An average company of 500-2,000 users uploading, creating, sharing or storing data in 138 different apps and using an average of 1,558 distinct cloud apps each month.
The Netskope Cloud and Threat Report: Cloud Data Sprawl revealed that cloud app use within organisations continues to rise, as it has already increased 35 per cent since the beginning of 2022, with an average company of 500-2,000 users uploading, creating, sharing or storing data in 138 different apps, and using an average of 1,558 distinct cloud apps each month.
Netskope, Security Service Edge (SSE), recently released new research detailing the rapid increase of cloud apps used within businesses worldwide.
The report found that more than 1 in 5 (22 per cent) users upload, create, share or store data in personal apps and personal instances, with Gmail, WhatsApp, Google Drive, Facebook, WeTransfer, and LinkedIn ranking as the most popular personal apps and instances.
A personal app, such as WhatsApp, is an app that only sees personal usage from personal accounts. A personal instance is a personal account of an app that is also managed by the organisation. For example, someone’s personal Gmail account in an organisation that uses Google Workspaces is a personal instance.
Additionally, highlighting a continued trend in insider risk, the report revealed that 1 in 5 users (20 per cent) upload an unusually high amount of data to such personal locations during the 30 days before they leave an organisation, marking an increase of 33 per cent during the same period last year.
“Cloud apps have helped to increase productivity and enable hybrid work, but they have also caused an ever-increasing amount of data sprawl that puts sensitive data at risk,” said Ray Canzanese, Threat Research Director, Netskope Threat Labs. “Personal apps and instances are particularly concerning since users maintain access to data stored in those instances even after leaving an organisation. Proactive security measures – especially policy controls that limit access to sensitive data to only authorised users and devices and prevent sensitive data from being uploaded to personal apps and personal instances – can help reduce the risks of loss or exposure of sensitive data.”
Additional key findings from the report include:
- Personal app usage is lowest in Financial Services, highest in Retail: The Financial Services sector has the most success in limiting the flow of data into personal apps and instances, with less than 1 in 10 users (9.6 per cent) doing so, whereas nearly 4 in 10 (39.1 per cent) of users in the Retail sector upload data to personal apps and instances.
- More users than ever are uploading, creating, sharing, or storing data in cloud apps: The percentage of users with data activity in cloud apps increased from 65 per cent to 79 per cent in the first five months of 2022, with Cloud Storage, Collaboration, and Webmail apps ranking as the top cloud app categories used within organisations.
- Organisations use many apps with overlapping functionality: Of the 138 apps for which an organisation with 500–2,000 users uploads, creates, shares, or stores data, there are on average 4 Webmail apps, 7 Cloud Storage Apps, and 17 Collaboration apps. This overlap can lead to security issues, such as misconfigurations, policy drift, and inconsistent access policies.
“Organisations are usually surprised when they discover how many overlapping apps they use. Gaining this visibility is important to helping rein in cloud sprawl and reduce the risks it poses to sensitive data. Once you know how data is being accessed, you can begin enforcing policies that reduce data risks without compromising productivity. Data security and productivity don’t have to be a tradeoff,” concluded Canzanese.
The Netskope Cloud and Threat Spotlight report is produced by Netskope Threat Labs, a team composed of the industry’s foremost cloud threat and malware researchers who discover and analyze the latest cloud threats affecting enterprises.
Findings are based on anonymised usage data between 1 January through 31 May 2022 and relate to a subset of Netskope customers with prior authorisation.
If you liked reading this, you might like our other stories