The latest edition of the Netskope Cloud and Threat Report reveals a fascinating insight into what everyone has been getting up to on their laptops from home, and Paolo Passeri, Cyber Intelligence Principal, explains why we should all be a little bit more on guard.

2020 ended with users in medium-sized organisations using 109 more apps (on average) than they had done at the start of the year, and this growth was largely driven by two categories of app; collaboration apps and consumer apps, together accounting for 30% of the overall increase.

Both of these category increases can be attributed to the COVID-19 pandemic and sudden shift to remote work; with the increase in collaboration apps driven by a remote workforce’s need to stay connected and the consumer apps highlighting a blurring of lines between work and home, with more managed devices being used for personal reasons.

Fastest-spreading apps

The report authors define ‘fastest-spreading’ as those apps that were adopted by the most new organisations over the course of the year. For example, Discord is one of the fastest spreading collaboration apps because it was used in 21% of all organisations at the beginning of the year and 48% at the end of the year, a 27-point increase in the number of organisations with Discord users.

Alongside this metric, the authors also measure ‘fastest-growing’ apps. ‘Fastest-growing’ apps are those apps for which the biggest increase in the number of users were recorded. For example, Microsoft Teams was the fastest-growing collaboration app, used by 12% of users at the beginning of the year and 21% of users at the end of the year, a 9-point increase. It is not, however, one of the fastest spreading apps. It was used by 69% of organisations at the beginning of the year and 70% at the end of the year, an increase of only 1-point.

Fastest growing apps generally increased their penetration within companies where they were already present, while fastest spreading apps reached into the greatest number of new organisations.

This separation means we don’t see many of the big-name enterprise apps in the fastest-spreading list. The fastest-spreading apps are up-and-comers and other apps that just haven’t historically seen much use on managed devices.

So, what were the fast spreaders between those top two categories where we saw the most growth (collaboration and consumer)?

Cloud and threat report infographic

Cloud and threat report infographic (Click to view larger image)

Fastest-spreading collaboration apps

The fastest-spreading collaboration apps represented a wide range of functionality. The following list provides some examples of the fastest-spreading collaboration apps and the functionality each of them provides:

  • Discord - Chat
  • Lumin PDF - PDF editing
  • com - Project management
  • Mentimeter - Interactive presentations
  • Miro - Online whiteboarding
  • Zoom - Video conferencing
  • Loom - Video messaging

Most of the fastest-spreading collaboration apps are ostensibly business-related, driven by the COVID-19 pandemic and the shift to remote work. Groups seeking to stay connected have turned to these apps to provide a facsimile of the in-person interactions they used to have before the pandemic started. Apps in this class include Mentimeter, Miro, Zoom, and Loom. Others, like Discord, are commonly used for both business and personal reasons. For example, while multiple conferences in the past year used Discord as a chat platform, Discord’s primary user base is gamers.

Fastest-spreading consumer apps

This is a list that perfectly illustrates the assertion that 2020 saw the lines between work and home begin to blur. Many of the fastest spreading apps identified by the ‘Cloud and Threat Report’ are apps that have been popular for a long time but were rarely used on managed devices in the enterprise. Gaming, video, and image sharing apps lead the way in this list - with the prevalence of LEGO clearly showing that it isn’t just the household’s grown-ups’ hobbies that are finding their way onto corporate devices.

  • Xbox LIVE
  • LEGO
  • Dailymotion
  • Hulu
  • Imgur
  • Giphy

Shadow cloud IT

These fast-spreaders are indicative of a broader trend. The report authors classified 97% of the cloud apps in use in the enterprise as being ‘not managed by a centralised IT or security function’. Instead, these are apps that are freely adopted within business units or by individual end-users. In other words, whether they are being used for work or personal reasons, 97% of the cloud apps in use in the enterprise are cloud shadow IT.

One way in which this becomes problematic is when users start uploading sensitive company data to apps that aren’t designed to handle sensitive data. Overall, the report found that 47.5% of apps in use in the enterprise have a Cloud Confidence IndexTM (CCI) rating of ‘Poor,’ a rating that Netskope assigns to apps that put sensitive data at risk - apps enterprises should avoid using and instead migrate to safer alternatives.

Netskope scores apps based on publicly available information and responses to questionnaires submitted by the app vendors. Apps are scored based on multiple dimensions across data protection, certifications, access control, auditability, disaster recovery, business continuity, legal, and privacy. Reasons contributing to an app’s ‘poor’ rating include:

  • Not having compliance certifications
  • Not having any data centre certifications
  • Not encrypting data at rest
  • Not having any disaster recovery support
  • Not having offsite backups
  • Not allowing customer-managed encryption keys
  • Claiming ownership of user-uploaded data

Among the top ‘poor’ apps in use on managed devices were personal email providers and online file editing services, including:

  1. Yahoo Mail
  2. PDF to PNG
  4. AOL Mail

At the other end of the spectrum, a combined 22% of all apps used in the enterprise have a ‘high’ or ‘excellent’ rating, indicating that they are ready for enterprise use.

Authorised points of entry

But the security of the specific app is only part of the dynamic that the report highlights. 61% of all malware delivered in 2020 came from cloud apps, and although the report authors identified 95 different applications unwittingly housing these malicious downloads, it wasn’t the lesser-known apps that were causing the most trouble. In fact, 27% of all malware downloads identified were delivered via Microsoft Office documents (a number that went as high as 38% in the peak months of the Emotet malicious campaign).

Add to this picture, the fact that 83% of users are accessing personal instances of apps such as OneDrive and Google Drive on their corporate devices, and you can easily see the path many nefarious actors are eyeing up, aiming to side-step from personal to corporate cloud app instances in search of high value data to steal.

The Netskope Cloud and Threat Report (Winter 2021 edition) is a wake-up call to all network and security professionals. With users and devices seemingly permanently camped outside of our security perimeter, following the applications that headed out to the cloud over the last few years, visibility and control need to be a priority for us all as we architect data and threat protection that can keep up with both the bad guys and the unthinking employee.