Slashdot Mirror

← Back to Stories (view on slashdot.org)

Study: 15 Per Cent of Business Cloud Users Have Been Hacked

Posted by samzenpus on from the no-silver-lining dept.

An anonymous reader writes Recent research has identified that only one in ten cloud apps are secure enough for enterprise use. According to a report from cloud experts Netskope, organizations are employing an average of over 600 business cloud apps, despite the majority of software posing a high risk of data leak. The company showed that 15% of logins for business apps used by organizations had been breached by hackers. Over 20% of businesses in the Netskope cloud actively used more than 1,000 cloud apps, and over 8% of files in corporate-sanctioned cloud storage apps were in violation of DLP policies, source code, and other policies surrounding confidential and sensitive data. Google Drive, Facebook, Youtube, Twitter and Gmail were among the apps investigated in the Netskope research.

8 of 72 comments (clear)

  1. It's a lie! by Runaway1956 · · Score: 4, Funny

    The vendors have assured us that their servers are secure!

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    1. Re:It's a lie! by MrBigInThePants · · Score: 4, Insightful

      I am sure it was those dastardly cloud people!

      In unrelated news....15% of passwords were set to "password" or similar....

      80% of the data was of little use.

      100% of the data was irrelevant to the well being and/or advancement of humanity.

  2. Achilles heel of the cloud apps.... by erp_consultant · · Score: 5, Interesting

    I've been around long enough to see things comes and go. The current flavor of the month is "cloud". Cloud this, cloud that. Even the behemoths of the ERP world - Oracle and SAP - are making an aggressive push to "the cloud". Companies like Workday and Salesforce are growing at a tremendous rate.

    It all seems very appealing. Say goodbye to multi year implementations and increasingly difficult and costly upgrades. Rent it by the seat rather than making large capital outlays. Fully object oriented design. Open standards vs. proprietary tools. Lots of great benefits.

    But.....

    As Willie Sutton once famously stated when asked why he robbed banks..."because that's where the money is". The data of your company, and other companies in the typical "multi-tenant" configuration is all in the one place. The bad guys know this. They will target these data centers to be sure.

    You are essentially taking your data from an environment you can control (largely) to one you cannot. That is a huge leap of faith.

    I expect that it is only a matter time before there will be a massive data breach for hosted cloud apps. We're not talking about someone's email account or twitter account. We're talking about an entire database full of SSN's and other personal information getting stolen. Everyone in your company and possibly customer and partner data as well. I don't want to be the one holding that press conference.

  3. true, but daily hacks by raymorris · · Score: 4, Insightful

    You make a good point. Also, every other day we see another story of "XXX million lost in hack".

        It's become so frequent we almost get completely numb to it. A week ago, someone posted here that Microsoft hadn't had any significant issues in a while - 48 hours after their Xbox network was taken down for several days. Having the whole network down for a several days is so common that we forget all about it a couple of days later. That's how common major security issues are right now. We need to make some significant changes in how we develop systems.

  4. Slashdot Has Been Hacked by PRNewswire.com by retroworks · · Score: 4, Informative

    Read the Summary, followed the links, ran the numbers. The firm that posted the PRNewswire.com press release obviously offered the Slashdot summary, and there is no solid data or info except "BE AFRAID! (And by the way, we are in the be-less-afraid-,-security-business). Perhaps there's plenty of discussion to be had on the premise, but the premise arrived via BINSPAM.

    --
    Gently reply
  5. Re:Encryption . . . anyone ? by Shados · · Score: 4, Interesting

    If a big part of the service is actually manipulating your data (email, database, charts, data analysis, etc...), then it needs to get decrypted somewhere at some point. The data can be intercepted then.

  6. Re:Encryption . . . anyone ? by dbIII · · Score: 4, Insightful

    It's 2015. . . who the hell puts anything on " The Cloud " without first heavily encrypting it ?

    Your HR department and your payroll staff.

  7. Re:Investigated... but were they vulnerable? by arglebargle_xiv · · Score: 4, Funny

    I also like the term "not enterprise-ready". What does this mean exactly? They don't have the word "Enterprise" in the product name? They don't cost $50,000 minimum?

    New Netskope report out, now with 27% more statistics showing that 51% of things differ from a previous 37% that you weren't expecting 76% of the time!