Most Businesses Haven't Inspected Cloud Services For Malware

Ian Barker, reporting for BetaNews: Echoing the findings we reported earlier that companies leave cloud protection to third-parties, a new study from cloud security company Netskope reveals most companies don't scan their cloud services for malware either. The study conducted with the Ponemon Institute shows 48 percent of companies surveyed don't inspect the cloud for malware and 12 percent are unsure if they do or not. Of those that do inspect 57 percent of respondents say they found malware. It also shows that while 49 percent of business applications are now stored in the cloud, fewer than half of them (45 percent) are known, officially sanctioned or approved by IT.

How?

Exactly how does one scan for malware on the cloud?

Do they mean scanning files once downloaded on your computer?

Scanning local app installers required to use the cloud app?

Because short of that, there is no way to scan a cloud application. Sure your AV can scan URLs and content download on your machine via web rbwoser, but if you access services via an app on a lockdown mobile device, how do you scan that?

Scanning packets sent by cloud provider? How do you accomplish that if it's all encrypted?

News flash: they don't care.

[LTIfox]

True story: A guy I know was developing cloud based real estate management suite. Lots of sensitive information in there as you can imagine.
So I was, like, "Are you nervous about hackers and stuff because it is hosted God knows where by God knows whom?"
And they guy's reply was: "Nope. I have this here certificate"
I was like: "But that certificate will not protect you from hackers!"
He replied: "It would".
Me: "What?! Are you nuts?!"
He looks at me as I'm a kind of an idiot and patiently explains that he does not care if users data will get stolen or not. If something bad happens - his ass is protected by this here certificate. I.e. he did his due diligence and whatever happened is not his fault.
Me: "..."