Cloud DLP policy violations rise as Slack, HipChat, and similar services increase in popularity

Cloud DLP policy violations in collaboration services like Slack and HipChat are on the rise, accounting for nearly 10 percent of total violations this quarter, according to Netskope. These services have skyrocketed in popularity as methods of sharing and downloading data, emphasizing the need for enterprises to put policies in place to ensure this data is safe and secure.

Cloud DLP policy violations

Collaboration service violations on the rise

For the first time, Netskope investigated collaboration services as a separate category for cloud DLP policy violations, as these services continue to rise in popularity within organizations. According to the report, collaboration services make up 9.8 percent of violations.

This quarter, webmail remained the leader in DLP violations with 43.3 percent of violations. Cloud storage came in second with 30.6 percent and other cloud service categories combined to make up 16.3 percent. DLP violations by activity was similar to last quarter’s trends with uploads making up the majority at 65 percent, followed by send at 17.5 percent, download at 16.2 percent, and other at 1.3 percent.

Cloud services still underprepared for GDPR compliance

With the deadline to comply with the European Union General Data Protection Regulation (GDPR) less than a year away, organizations need to ensure they are adopting security protocols that both understand the data flow of all PII in the cloud as well as secure that data. However, there has been little change in GDPR-readiness metrics – 66.9 percent of cloud services do not specify that the customer owns the data in their terms of service, 89.9 percent do not support encryption of data at rest, and 40.7 percent of cloud services replicate data in geographically dispersed data centers.

Organizations that process EU citizens’ data will need to ensure they are placing the appropriate security policies and processes to avoid fines that total up to 20 million euros or up to 4 percent of the organization’s turnover.

Hybrid cloud-and-web threats on the rise

This report introduced the concept of a hybrid threat — malware that use both cloud and web services to deliver malicious payloads to users or perform an attack on a system or a user — an increasingly relevant threat faced by organizations as the lines between web and cloud services converge. These threats may be delivered in a variety of ways, from phishing emails to compromised websites, with command and control servers hosted in places like IaaS, cloud storage services, and websites. This type of threat has increased in occurrence across customers over time, occurring in 3.3 percent of customers this quarter.

“Collaboration services are quickly displacing more traditional ways of communication and collaboration like email, and that means that more data is being shared inside of those services,” said Sanjay Beri, founder and CEO, Netskope. “It’s critical that organizations implement solutions that afford real-time visibility and control, data loss prevention, and threat protection for these services and the many ecosystem services they connect to to ensure that collaboration is not hindered and their sensitive data remains secure.”

Additional findings

Cloud services per enterprise drops slightly: This quarter, the average amount of cloud services per enterprise was 1,053, a slight decrease from 1,071 last quarter. This is the first decline in usage since Netskope began tracking cloud services per enterprise, and may be attributable to the saturation of service usage across organizations. The percentage of services that are not enterprise ready remained steady this quarter at 93.6 percent.

Adware surges to first place in cloud malware detections: This quarter, adware led the pack with 31.7 percent of cloud malware detections. Backdoors dropped to second place with 16.9 percent of detections, down from 37.1 percent last quarter. Following backdoors was Mac malware at 11.0 percent, mobile malware at 15.3 percent, and generic detections at 15.3 percent. The common ransomware delivery vehicles totaled 9.8 percent, consisting of Microsoft Office macros with 4.3 percent, JavaScript 2.4 percent, PDF exploits 1.3 percent, and Flash exploits 0.3 percent.

Slack continues to rise on top 20 list of cloud services: Slack moved up to number 12 (from number 15 last quarter), steadily climbing the list of top 20 most used services as more organizations implement the popular collaboration service.

Average cloud services per enterprise by category

For the first time, the manufacturing industry had the highest average amount of cloud services used, at 1,222 this quarter. Retail, restaurants, and hospitality fell to second place with 1,131. Financial services, banking, and insurance followed at 1,039, with healthcare and life sciences and technology and IT services coming in at 1,014 and 821, respectively.

Within cloud service categories, HR services took the lead with an average of 98, while marketing fell to second place at 87. And, as with previous quarters, the percentage that are not enterprise-ready has held steady at the respective numbers. With the rise of cloud malware and hackers compromising organizations from cloud services, granular controls and traffic inspection from all locations (whether on-premises or off), devices, and apps (sync clients and native mobile apps included) for threats will be critical.