[March 31, 2015] |
|
Skyhigh Report Highlights Corporate Risks From Business Partners
Security does not end at the corporate perimeter. Skyhigh
Networks, the Cloud Security and Enablement Company, today released
the seventh edition of its quarterly Cloud Adoption and Risk Report. The
Q1 2015 report, derived from analysis of actual cloud usage across over
17 million employees, expands its scope to include the risk to
enterprises from business partners connected through the cloud.
After vendors served as entry points in recent high-profile breaches,
security vulnerabilities associated with partners have received
increased attention. The report reveals that cloud services are rapidly
becoming the primary connectors between businesses, with the average
company connecting with 1,555 partners. The report measured partner risk
based on several security attributes and found that 8% of all partners
are high-risk and that 30% of total data shared with partners is shared
with high-risk partners.
The full report is available here: http://www.skyhighnetworks.com/cloud-report/
"Security of any enterprise is only as strong as its weakest link, and
recent breaches have shown that partners are often the weakest link,"
said Sekhar Sarukkai, co-founder and VP of Engineering at Skyhigh
Networks. "Therefore, enterprises must have visibility into the security
riks of their business partners so they can take the necessary steps to
protect themselves."
8% of Partners Are High-Risk but Receive 30% of Data A
number of attributes can classify a partner as high-risk, including
being affected by malware of botnets, having compromised identities for
sale on the Darknet, suffering from a breach, or being exposed to
vulnerabilities such as POODLE. High-risk partners receive 30% of all
data shared with partners - a disproportionately large amount.
58 "Super Partners" Are Connected to Over 50% of Enterprises Many
partners are well connected among the largest organizations, meaning a
vulnerability within a single partner could have far-reaching
consequences. The risk of these super partners is higher than the
overall rate, with 12.5% considered high-risk. Top super partners
include pest control, IT services, software, equipment manufacturing,
hospitality, and consulting companies.
One Partner Has Over 9,000 Compromised Identities and 200 Devices
with Malware The report gives the risk attributes for several
example partners. One airline had 9,716 credentials for sale on the
Darknet and 209 devices infected with malware. A financial services
technology provider had 1,216 compromised identities across 19 Darknet
sites. An advertising agency had 1,565 compromised identities for sale
across 29 Darknet sites. All three partners are still vulnerable to
POODLE.
Enablers of the Cloud Economy Certain cloud services stand
out as hyper-connectors, enabling the highest number of partner
connections. The top cloud connectors in the customer support category
are Zendesk, Salesforce, and GrooveHQ. For file sharing, Sharefile, Box (News - Alert),
and Wiredrive are the top connectors. In the collaboration category, the
top connectors are Cisco WebEx, Slack, and Office 365.
Highest Risk Partner Categories Not all partner categories
are equal when it comes to risk. Telecommunications companies had the
highest percentage of high-risk businesses, at 30% - double the rate of
the tenth highest-risk category, Travel. Security teams should pay
special attention to interactions with partners falling into the
categories on this list.
About Skyhigh Networks Skyhigh Networks, the cloud security
and enablement company, helps enterprises safely adopt cloud services
while meeting their security, compliance, and governance requirements.
Enterprises including Aetna, Cisco, DIRECTV, HP, and Western Union (News - Alert) use
Skyhigh to gain visibility into all cloud services in use and their
associated risk; analyze cloud usage to identify security breaches,
compromised accounts, and insider threats; and seamlessly enforce
security policies with encryption, data loss prevention, contextual
access control, and activity monitoring. Headquartered in Campbell,
Calif., Skyhigh Networks is backed by Greylock Partners, Sequoia, and
Salesforce.com (News - Alert). For more information, visit us at www.skyhighnetworks.com or
follow us on Twitter (News - Alert) @skyhighnetworks.
[ Back To TMCnet.com's Homepage ]
|