Security

01:40 PM
Becca Lipman
Becca Lipman
Commentary
Connect Directly
Facebook
Google+
Twitter
RSS
E-Mail
50%
50%

Financial Service Employees Ranked 2nd-Riskiest Users of Cloud Services

Skyhigh Networks reports that financial services demonstrated some of the most risky behaviors among major industries.

The cloud access security company Skyhigh Networks released its fifth quarterly Cloud Adoption and Risk Report (registration required) and found that the financial services industry is the second-riskiest vertical based on employee behavior.

The findings are based on the average number of malware incidents and data exfiltration events collected over the last quarter from more than 10.5 million enterprise employees across major industry verticals.

Though enterprises have begun adopting cloud applications to expand their business, employees are bringing many of their own apps into the workplace and on to corporate devices. In 2014, the average number of cloud services used by an enterprise came in at 738, 10 times more than what IT typically expects from its employees.

Employees put many kinds of sensitive information into cloud applications that their corporate IT does not support, like Sharefile and Dropbox. And something as simple as logging into Evernote or a photo-sharing app with the same password as the one used for a corporate account can offer an easy avenue for hackers.

Skyhigh considers cloud applications high-risk when they lack security features like multi-factor authentication and encryption and have grey areas in the user agreements around the rights to use data uploaded to the program. These applications may also have "a discouraging known-compromise history" and permit risky behaviors, such as anonymous use. According to the report, the average company uploaded 86.5 GB to a high-risk service.

High-tech was the riskiest vertical for malware and data leaks by a large margin, well ahead of all other industries. This makes some sense, since these companies tend to be early adopters and "have permissive policies regarding the use of cloud services."

Financial services came in second, just ahead of healthcare. Given the regulatory requirements both these industries face, and the amount of money spent on building appropriate infrastructure, these rankings should really be an eye opener for management.

"Employees in financial services are no different than employees anywhere," Rajiv Gupta, CEO and co-founder of Skyhigh Networks, told us. "We all want to get our jobs done in an efficient way. We choose highly usable, flexible, scalable services in our personal lives, and we want to use the same things in our professional lives."

The report raises an alarm because regulated companies are pretty flush with resources to build an infrastructure that maintains risk, he said, but at the end of the day, these verticals find they are not that much better in terms of risk.

Other findings
Skyhigh ranked the top 20 enterprise and consumer cloud services. Topping the enterprise list, perhaps unsurprisingly, are Amazon Web Services, Office 365, Salesforce, Cisco Webex, Box, Yammer, ServiceNow, SuccessFactors, Adobe Exchange, and LivePerson.

The list of consumer cloud services used in the workplace is also composed of familiar names. Topping the list are Facebook, Twitter, Apple iCloud, YouTube, LinkedIn, Dropbox, Gmail, Google Docs, Pinterest, and Instagram.

"There are legitimate reasons employees are using consumer apps in the enterprise at work -- for example, a social media manner posting on the company's Facebook page," the report said. "However, consumer apps can present real risks to enterprises. Data loss in consumer apps can occur due to malware or insider threat."

Becca Lipman is Senior Editor for Wall Street & Technology. She writes in-depth news articles with a focus on big data and compliance in the capital markets. She regularly meets with information technology leaders and innovators and writes about cloud computing, datacenters, ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Becca L
50%
50%
Becca L,
User Rank: Author
8/30/2014 | 9:02:07 PM
Re: Oh no
Perhaps it all comes back  to building a sound corporate policy, classifying data and deciding what information needs X level of protection. It's terrible that this is happening in such a risky way, but there's little companies can do beyond education to stop users from downloading unsecure cloud apps. They have to have an open conversation in which they acknowledge the reality of user behavior and talk about pragmatic security.
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Author
8/13/2014 | 4:01:12 PM
Re: Human nature
Jon, as you stated, there is often confusion between banks and cloud providers about who is responsible. That is one of the reasons why many banks have been slow to move to the cloud.

As far as the regulators are concerned, however, all of the responsibity belongs to the bank, no matter what is says in SLAs.
Jonathan_Camhi
50%
50%
Jonathan_Camhi,
User Rank: Author
8/11/2014 | 3:55:18 PM
Re: Human nature
It's not just employees using cloud apps that could create security risks. There's often issues with the enteprises' approved cloud vendors too in terms of confusion over who has what responsibilities in regards to security. Those issues will get worked out over time as companies gain more experience with the cloud, but for now they are a big concern and show the need for greater communication and education between cloud providers and clients.
Byurcan
100%
0%
Byurcan,
User Rank: Author
8/8/2014 | 10:37:14 AM
Oh no
Well this isn't good news, considering fianncial services employees are dealing with the most valuable and sensitive of data. I guess there is always more training needed on proper protocol. 
KBurger
100%
0%
KBurger,
User Rank: Author
8/8/2014 | 9:16:27 AM
Human nature
This actually surprises me, given everything we've reported and heard industry folks discuss about security concerns @ the cloud, etc. I'm not surprised that there are issues, but am surprised that the problem is so extensive in financial services. But I guess it comes down to human nature, as Rajiv Gupta says: "Employees in financial services are no different than employees anywhere. We all want to get our jobs done in an efficient way. We choose highly usable, flexible, scalable services in our personal lives, and we want to use the same things in our professional lives." It's kind of a Pandora's box, in that there's no going back on restricting employees' use of these cloud-based capabilities. Financial services firms have to figure out how to channel this aspect of consumerization to boost productivity and employee engagement without increasing risks.
More Commentary
One Size Fits Nobody in End User Services
How building profiles from employees' roles and behaviors can help optimize your end user services.
'Enlightened' Non-IT Execs More Likely To Run Secure Organization
Do senior executives understand their role in data security? On the whole, unsurprisingly, no.
No Screwups, Please, We’re Banks
Changing a bank's culture is not going to happen overnight, but having the right tools and levers in house will surely make a big difference over time.
You’re Doing BYOD Wrong: These Numbers Prove It
Almost 40% of users who connect personal mobile devices to corporate networks have no lock-screen mechanism set in place.
Citibank Brazil Deploys Award-Winning BPM Solution: Now What?
Citibank Brazil automated commercial customer onboarding and reduced cycle time by 70%. But how can a global organization harness the successes of its islands of solutions?
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - Elite 8, October 2014
The in-depth profiles of this year's Elite 8 honorees focus on leadership, talent recruitment, big data, analytics, mobile, and more.
Video