Cloud Apps & Security: When Sharing Matters

By far the coolest thing about cloud apps is the ability to share data. Whether you’re sharing the latest sales presentation, a link to a customer video, a win/loss report, or a transaction analysis in your business intelligence app, the ability to click a link and quickly collaborate with your team, your boss, or your partner is critical.

Every quarter at Netskope, we do a retrospective analysis on usage, activities, and policy violations in our cloud. We look at anonymized, aggregated data across tens of billions of transactions from millions of users and report on trends in the Netskope Cloud Report. A key theme that emerged this quarter is the activity of sharing.

When we think of sharing, what comes to mind is sharing documents like presentations and contracts within a cloud storage app like Box, Google Drive, or Egnyte. Yes, it’s definitely that; in fact, within that category, there are three shares for every one upload. That’s a pretty telling statistic about data movement in the cloud via the sharing activity.

But perhaps even more telling is that sharing is happening all over the cloud, not just in cloud storage apps. We cover 55 different app categories, from customer relationship management, to finance and accounting, to human resources, to supply chain management. We noticed that people share in apps in 49 of those categories. More than one out of every five cloud apps enables sharing. Three popular non-storage apps that enable sharing include financial and human resources app Workday, project management app Trello, and productivity app Evernote.

If you are a member of an enterprise security team you are likely responsible for protecting your organization’s sensitive data. But you probably have little or no visibility into the cloud apps running in your IT environments -- let alone which of those apps enable sharing, and whether data is being uploaded to and shared from those apps.

Sharing can be very benign or very risky, depending on content and context. It can range from a user sharing pictures from a company picnic to an “insider” sharing nonpublic financial results with investors, an engineer sharing top secret product designs with collaborators outside of the company, or an executive inadvertently sharing the company’s acquisition plans with an unauthorized party.

The trick is to know which apps are running in your environment, which enable sharing, and what data they house. Having that data in your hands helps you have a fruitful conversation with your line of business leaders about the risks and benefits of the apps, the data in those apps, and how and with whom it's being shared. Only then can you address the real security risk and create policies that shape sharing versus blocking cloud apps altogether.

Do you know how much uploading and downloading to the cloud is going on in your organization? Let's chat about that in the comments.