Security a Rising Concern for Cloud-Based Application Usage

A survey indicates unsafe password management continues to be a challenge, as is the usage of applications not sanctioned by the company.

Although a large majority of businesses are planning to increase the number of cloud applications used in their organizations, 71 percent admit they are using cloud apps that have not been sanctioned by their IT departments, according to a survey of 200 IT and business professionals on the adoption, use and security of cloud applications conducted by identity management provider OneLogin and security consultancy FlyingPenguin.

With access to these applications taking place from a variety of locations including smartphones (80 percent), tablets (71 percent) and non-company computers (80 percent) and with a large percentage of organizations (73 percent) needing to grant temporary access to cloud apps, respondents cited concerns around identity management, governance and complexity.

“This survey demonstrated that 2013 will be a tipping point in cloud adoption,” OneLogin CEO Thomas Pedersen said in a statement. “With enterprises rapidly turning to cloud apps, the inherent risks in practices like using unsanctioned apps or sharing passwords on sticky notes need to be addressed, and quickly.”

The survey indicated unsafe password management continues to be a challenge, with 43 percent of respondents admitting that employees manage passwords in spreadsheets or on sticky notes and 34 percent share passwords with their co-workers for applications like FedEx, Twitter, Staples and LinkedIn. Twenty percent of respondents said they experienced an employee still being able to log in after leaving the company.

"It is no secret that cloud apps need solutions added to improve their security; yet to see 20 percent of app users admit a breach by ex-employees is still a surprisingly high result,” FlyingPenguin President Davi Ottenheimer said in a statement. “The real story behind the 80 percent already using cloud apps already is that 70 percent admit apps came without company approval. In 2013, organizations will need solutions flexible enough to support the 60 percent with more than four apps already in use, and scalable enough to keep up with the 35 percent who plan to add at least four new apps this year."

Nearly three-quarters (72 percent) of the respondents said they have the need to provide external users, such as consultants, with temporary access to the company’s cloud applications, while just under half (48 percent) of respondents said they are still not able to sign in to cloud applications with a single set of credentials.

The survey also found 59 percent of respondents had multiple on-premise directories with Active Directory being cited as the most used directory (40 percent), followed by 17 percent who employ a Lightweight Directory Access Protocol (LDAP) for managing user identities and application access. In addition, 34 percent of respondents claimed that their security model for cloud applications was different than for on-premise applications versus 45 percent claiming it is the same.