Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Insider Threats

3/21/2019
02:00 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

SaaS Ecosystem Complexity Ratcheting Up Risk of Insider Threats

Even with common security platforms like CASBs, organizations struggle to deal with the volume of apps and accounts that interact with business-critical data.

The pressure of increasing software-as-a-service (SaaS) deployments in the enterprise and the complexity of administering accounts across a varied cloud environment is ratcheting up the risk of insider threats. A new study out this week shows IT and cybersecurity professionals are struggling to stem the tide of negligent and malicious insider incidents in this era of pervasive cloud sharing, even when they use common security tools like cloud access security brokers (CASBs).

And while maintaining privacy of customers' personally identifiable information still remains a concern, the greater bulk of cloud-based insider risk revolves around business-critical data. So says the "2019 State of Insider Threats in the Digital Workplace" report, released Wednesday by BetterCloud, which shows almost half of IT leaders believe the rise of SaaS makes them most vulnerable to insider threats today. 

Based on a survey of approximately 500 IT and cybersecurity professionals, along with internal security data at more than 2,000 organizations, the report finds 92% of organizations with more than a quarter of their mission-critical apps in the cloud feel vulnerable to insider threats. Of those SaaS vectors that open them up to insider issues, respondents overwhelmingly name cloud storage and email as the biggest challenges — 75% report these to be the breeding ground of the biggest insider threat risks.

Some of the biggest challenges organizations face when it comes to securing data and applications in SaaS ecosystem is the sheer volume and dynamic nature of applications and account connections in play. Another recent report, the "2019 Annual SaaS Trends Report," by Blissfully, examines SaaS trends across nearly 1,000 companies and finds overall SaaS spending increased by 78% last year.  

At this point, companies now spend more on SaaS than they do on equipping employees with laptops. But, unlike laptops, SaaS vendors can be switched out with very little friction, which means the makeup of any given company's SaaS stack is always in flux. The typical midsize company has seen 39% of its SaaS stack change in the last year, according to the SaaS report. What's more, for every new SaaS app added or changed in an organization's ecosystem, the headache around managing account connections multiplies.

Take the typical organization with 200 to 501 employees. This kind of company uses an average of 123 SaaS apps, according to Blissfully. It sounds manageable, but across those the typical company of that size must keep tabs on an average of 2,700 app-to-person connections. That doesn't even account for the app-to-app connections that start to come into play when SaaS apps are integrated through APIs. 

This pervasiveness and complexity is why so many larger organizations still struggle so mightily to take control over how users interact with and share data in SaaS apps today. After all, SaaS security is hardly a new topic — security strategists have been warning about data security in SaaS for a decade now. While the rise of the CASB has helped many organizations mitigate a lot of their SaaS security risks compared with the early days, this latest insider threat report shows 95% of stakeholders at companies that use a CASB still feel vulnerable to insider threats. The reasons cited for why include the escalating freedom of SaaS users that enable unchecked decentralization of SaaS, blind spots in SaaS security created by new interactions between apps, and the growing complexity of managing configurations and file permissions.  

Plus, whereas in the past cloud and SaaS security was usually a compliance or regulatory concern, BetterCloud's insider threat report shows that 57% of organizations say insider cloud risks are highest around data fundamental to the existential viability of the business. This includes confidential business information and intellectual property. 

According to other recent reports, the pressure is only going to increase. Last month a joint report from Oracle and KPMG found almost half of IT and cybersecurity professionals expect to store the majority of their data in the cloud by 2020. In addition, 92% of organizations said they are concerned about employees following cloud policies to protect that data, and 82% are still so unclear about the shared responsibility model of security that they've experienced a security event as a result. 

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "The security team seem to be taking SiegeWare seriously" 
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-1114
PUBLISHED: 2019-12-05
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php.
CVE-2012-1115
PUBLISHED: 2019-12-05
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.
CVE-2012-1592
PUBLISHED: 2019-12-05
A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.
CVE-2019-16770
PUBLISHED: 2019-12-05
A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough.
CVE-2019-19609
PUBLISHED: 2019-12-05
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.