BYOD, Cloud Applications Heighten Corporate Security Risks

 
 
By Nathan Eddy  |  Posted 2013-12-16
 
 
 

Cloud applications and mobile devices are increasing security and compliance risk at many enterprises in the United States and the United Kingdom, according to the results of a survey of 400 IT decision makers conducted by independent research firm Loudhouse.

The survey, commissioned by identity and access management (IAM) provider SailPoint, found 57 percent of respondents had experienced the loss of company-owned devices containing sensitive information, and 81 percent are concerned about business users sharing passwords across personal cloud and corporate apps to sensitive data.

Results indicate that while global enterprises are embracing cloud technologies and bring-your-own-device (BYOD) initiatives, they do not have IT controls in place to properly manage them, putting themselves at an increased risk of fraud, theft and privacy breaches.

In the last year, more than one-half of the respondents said they have experienced situations where terminated workers tried to access company data or applications after they left the organization.

As many as 41 percent of respondents admitted to an inability to manage cloud applications as part of their IAM strategy. Exacerbating the problem, just 41 percent have a process in place to automatically remove mission-critical data from mobile devices.

Cloud technologies are considered so advantageous that 63 percent of enterprises said they require IT decision makers to evaluate cloud applications as part of every software procurement process.

The survey also found 84 percent of enterprises use cloud-based applications to support major business processes, and 82 percent of respondents allow employees to use their personal devices to access company data or applications at work.

"There's no denying it, cloud and mobile technologies are becoming mainstream. But, as our survey indicates, enterprises are still catching up to the required levels of oversight and control they need," Jackie Gilbert, chief marketing officer and founder of SailPoint, said in a statement. "With our survey finding that as many as 59 percent of mission-critical applications will be stored in the cloud by 2016, the need for better management of cloud and mobile access is only going to rise."

In addition, 46 percent of respondents are not confident in their ability to grant or revoke employee access to applications across their full IT infrastructure, and 51 percent believe that it's just a matter of time before another security breach occurs.

More than one-half (52 percent) admit that employees have read or seen company documents that they should not have had access to, and worryingly, 45 percent said they believe that employees within their organization would be prepared to sell company data if offered the right price.

"Organizations need to have automated policy and controls in place to monitor and manage user access across the entire enterprise--including mobile and cloud applications--in order to minimize security and compliance risk," Gilbert said. "And as our survey indicates, the growing adoption of cloud and mobile technologies is making the problem significantly worse. It's pretty clear that if you’re not proactively managing cloud and mobile access today, you're at increased risk of fraud, data theft and security breaches."

Rocket Fuel