Key Findings
Based on aggregated, anonymised data collected from the Netskope Security Platform across millions of users from August 1 through December 31, 2019, key findings of the report include:
The overwhelming majority (89%) of enterprise users are in the cloud, actively using at least one cloud app every day. Cloud storage, collaboration, and webmail apps are among the most popular in use. Enterprises also use a variety of apps in those categories - 142 on average - indicating that while enterprises may officially sanction a handful of apps, users tend to gravitate toward a much wider set in their day-to-day activities. Overall, the average enterprise uses over 2,400 distinct cloud services and apps.
Top 5 Cloud App Categories
Top 10 Most Popular Cloud Apps
Nearly half (44%) of threats are cloud-based. Attackers are moving to the cloud to blend in, increase success rates and evade detections. Attackers launch attacks through cloud services and apps using familiar techniques including scams, phishing, malware delivery, command and control, formjacking, chatbots, and data exfiltration. Of these, the two most popular cloud threat techniques are phishing and malware delivery. The top threat techniques in the cloud are phishing and malware delivery.
Top 5 Targeted Cloud Apps
Over 50% of data policy violations come from cloud storage, collaboration, and webmail apps, and the types of data being detected are primarily DLP rules and policies related to privacy, healthcare, and finance. This shows that users are moving sensitive data across multiple dimensions among a wide variety of cloud services and apps, including personal instances and unmanaged apps in violation of organizational policies.
One-fifth (20%) of users move data laterally between cloud apps, such as copying a document from OneDrive to Google Drive or sharing it via Slack. More importantly, the data crosses many boundaries: moving between cloud app suites, between managed and unmanaged apps, between app categories, and between app risk levels (Netskope Cloud Confidence Levels). Moreover, 37 per cent of the data that users move across cloud apps is sensitive. In total, Netskope has tracked lateral data movement among 2,481 different cloud services and apps, indicating the scale and the variety of cloud use across which sensitive information is being dispersed.
One-third (33%) of enterprise users work remotely on any given day, across more than eight locations on average, accessing both public and private apps in the cloud. This trend has contributed to the inversion of the traditional network, with users, data, and apps now on the outside. It also shows increasing demand on legacy VPNs and questions the availability of defences to protect remote workers.