Security does not end at the corporate perimeter. Skyhigh Networks, the cloud security and enablement company, today released the sixth edition of its quarterly Cloud Adoption and Risk Report. The Q1 2015 report, derived from analysis of actual cloud usage across over 17 million employees, expands its scope to include the risk to enterprises from business partners connected through the cloud.
After vendors served as entry points in recent high-profile breaches, security vulnerabilities associated with partners have received increased attention. The report reveals that cloud services are rapidly becoming the primary connectors between businesses, with the average company connecting with 1,555 partners. The report measured partner risk based on a several security attributes and found that 8% of all partners are high-risk and that 30% of total data shared with partners is shared with these high-risk partners.
“Security of any enterprise is only as strong as its weakest link and recent breaches have shown that partners are often the weakest link,” said Sekhar Sarukkai, co-founder and VP of engineering at Skyhigh Networks. “Therefore, enterprises must have visibility into the security risks of their business partners so they can take the necessary steps to protect themselves.”
8% of partners are high-risk, but receive 30% of data
A number of attributes can classify a partner as high-risk, including being affected by malware of botnets, having compromised identities for sale on the darknet, suffering from a breach, or being exposed to vulnerabilities such as POODLE. High-risk partners receive 30% of all data shared with partners -- a disproportionately large amount.
58 “super partners” are connected to over 50% of enterprises
Many partners are well connected among the largest organisations, meaning a vulnerability within a single partner could have far-reaching consequences. The risk of these super partners is higher than overall rate, with 12.5% considered high-risk. Top super partners include pest control, IT services, software, equipment manufacturing, hospitality, and consulting companies.
One partner has over 9,000 compromised identities and 200 devices with malware
The report gives the risk attributes for several example partners. One airline had 9,716 credentials for sale on the darknet and 209 devices infected with malware. A financial services technology provider had 1,216 compromised identities across 19 darknet sites. An advertising agency had 1,565 compromised identities for sale across 29 darknet sites. All three partners are still vulnerable to POODLE.
Enablers of the cloud economy
Certain cloud services stand out as hyper-connectors, enabling the most partner connections. The top cloud connectors in the customer support category are Zendesk, Salesforce, and GrooveHQ. For file sharing, Sharefile, Box, and Wiredrive are the top connectors. In the collaboration category, the top connectors are Cisco WebEx, Slack, and Office 365.
Highest risk partner categories
Not all partner categories are equal when it comes to risk. Telecommunications companies had the highest percentage of high-risk businesses, at 30% -- double the rate of the tenth highest-risk category, travel. Security teams should pay special attention to interactions with partners falling into the categories on this list.