Companies around the world have reason to be worried about the use of cloud applications to share mission-critical information, as one in five employees have uploaded proprietary corporate data to a cloud application, such as Dropbox or Google Docs, with the specific intent of sharing it outside of the company, according to a Sailpoint survey conducted by Vanson Bourne.
Just 28 percent of the 1,000 respondents surveyed by stating that corporate policies pay close attention to who is granted access to mission-critical software-as-a-service (SaaS) apps.
The survey also found a clear disconnect between cloud usage across the business and existing IT controls with 66 percent of users able to access those cloud storage applications after leaving their last job.
“By the very nature of the data and applications that employees need the ability to access, ‘insiders’ posed significant risk, Kevin Cunningham, president and founder of SailPoint,” told eWEEK. “Internal breaches can stem both intentional and unintentional actions from employees, contractors and partners, including brazen theft, accidental exposure and hackers using someone’s credentials.”
Cunningham explained that if one thinks of what employees have access to, any of these breaches could be sharing a list of customers’ personal information, exposing proprietary corporate data or giving a customer list to a competitor.
“Any insider attack could cost a company millions of dollars, in addition to a damaged reputation,” he warned.
Despite the fact that 60 percent of employees stated they were aware that their employer strictly forbids taking intellectual property after leaving the company, one-quarter admitted they would take copies of corporate data with them when leaving a company.
More than one-quarter (29 percent) of U.S. respondents are aware of corporate policy that pays close attentions to who is granted access to cloud applications with mission-critical data, and 24 percent of American respondents said they had purchased or deployed a cloud application (such as Salesforce.com, Concur, Workday, DropBox, DocuSign) without the help of IT.
“Perhaps the most eye opening finding is that one in five employees openly admitted that they have uploaded proprietary corporate data to a SaaS app like Dropbox or Google Docs, with the specific intent of sharing it outside of the company,” Cunningham said. “Let that stat sink in for a minute–one in five employees admit to using a consumer cloud app to share IP or other sensitive data. This is the same data that is typically kept under lock and key behind the firewall. “
An alarming 69 percent of U.S. respondents said they were able to access corporate data via cloud storage applications (including Dropbox and Google Docs) after they left their companies, though the number was similarly high in Australia (56 percent), France (70 percent), Germany (70 percent), the Netherlands (61 percent) and the United Kingdom (61 percent).
“I think that all organizations are susceptible to insider threats–both large and small,” Cunningham said. “But, it is much harder to manage once you get beyond 1,000 employees or more. And the larger the organization, the more likely the need to share information across corporate boundaries with contractors or partners just adds to the level of complexity.”