Cloud app use within organisations has continued to rise, already increasing 35% since the beginning of 2022, with an average company of 500-2,000 users uploading, creating, sharing or storing data in 138 different apps, and using an average of 1,558 distinct cloud apps each month.
This is according to Netskope, a specialist in Security Service Edge (SSE) and Zero Trust, which has released new research detailing the proliferation of cloud apps used within businesses worldwide.
The ‘Netskope Cloud and Threat Report: Cloud Data Sprawl’ found that more than one in five (22%) users upload, create, share or store data in personal apps and personal instances, with Gmail, WhatsApp, Google Drive, Facebook, WeTransfer, and LinkedIn ranking as the most popular personal apps and instances.
A personal app, such as WhatsApp, is an app that only sees personal usage from personal accounts. A personal instance is a personal account of an app that is also managed by the organisation. For example, someone’s personal Gmail account in an organisation that uses Google Workspaces is a personal instance.
Additionally, highlighting a continued trend in insider risk, the report revealed that one in five users (20%) upload an unusually high amount of data to such personal locations during the 30 days before they leave an organisation, marking an increase of 33% during the same time period last year.
Ray Canzanese, threat research director, Netskope Threat Labs, said: “Cloud apps have helped to increase productivity and enable hybrid work, but they have also caused an ever-increasing amount of data sprawl that puts sensitive data at risk.
“Personal apps and instances are particularly concerning, since users maintain access to data stored in those instances even well after they leave an organisation. Proactive security measures – especially policy controls that limit access to sensitive data to only authorised users and devices and prevent sensitive data from being uploaded to personal apps and personal instances – can help reduce the risks of loss or exposure of sensitive data.”
Additional key findings from the report include:
- Personal app usage is lowest in Financial Services, highest in Retail: The Financial Services sector has the most success in limiting the flow of data into personal apps and instances, with less than one in 10 users (9.6%) doing so, whereas nearly four in 10 (39.1%) of users in the Retail sector upload data to personal apps and instances.
- More users than ever are uploading, creating, sharing, or storing data in cloud apps: The percentage of users with data activity in cloud apps increased from 65% to 79% in the first five months of 2022, with Cloud Storage, Collaboration, and Webmail apps ranking as the top cloud app categories used within organisations.
- Organisations use many apps with overlapping functionality: Of the 138 apps for which an organisation with 500–2,000 users uploads, creates, shares, or stores data, there are on average four Webmail apps, seven Cloud Storage Apps, and 17 Collaboration apps. This overlap can lead to security issues, such as misconfigurations, policy drift, and inconsistent access policies.
“Organisations are usually surprised when they discover just how many overlapping apps they are using. Gaining this visibility is an important step to helping rein in cloud sprawl and reduce the risks it poses to sensitive data. Once you know how data is being accessed, you can begin enforcing policies that reduce data risks without compromising productivity. Data security and productivity don’t have to be a tradeoff,” concluded Canzanese.
The Netskope Cloud and Threat Spotlight is produced by Netskope Threat Labs, a team composed of the industry’s foremost cloud threat and malware researchers who discover and analyse the latest cloud threats affecting enterprises. Findings are based on anonymised usage data between January 1 through May 31, 2022 and relating to a subset of Netskope customers with prior authorisation.