Enterprises in the Asia-Pacific (APAC) region have fewer cloud apps that pose a substantial risk to network security than their counterparts in Europe and North America, a study has found.
According to Cisco’s 2017 annual cybersecurity report, 30% of cloud apps used by APAC enterprises were deemed high-risk and did not have any security certification. Such apps can also connect to corporate networks to access user information such as documents, navigation history and calendars.
In contrast, enterprises in North America and Europe have a higher proportion of high-risk apps, at 31% and 32% respectively.
With more enterprises warming up to cloud services, employees are more likely to access cloud-based business apps through their corporate networks. These apps may pose a risk to network security, especially if they have not been sanctioned by the IT department in what is known as “shadow IT”.
According to Cisco, shadow IT apps “touch the corporate infrastructure and can communicate freely with the corporate cloud and software-as-a-service (SaaS) platforms as soon as users grant access through open authentication”.
“These apps can have extensive – and, at times, excessive – access scopes. They must be managed carefully because they can view, delete, externalise and store corporate data, and even act on behalf of users,” it added.
Cisco said that to identify suspicious behaviour in corporate SaaS platforms and third-party cloud apps, IT security teams must sift through billions of user activities to define normal patterns of user behaviour in their organisation’s environment.
“They should also look for anomalies that fall outside those expected patterns. Then they need to correlate suspicious activities to determine what might be a true threat that requires investigation,” it noted.
An example of suspicious activity, Cisco said, could be excessive login activity from several locations in a short period. “If one user starts logging in to that application from 68 countries over the course of one week, a security team will want to investigate that activity to confirm that it is legitimate,” it added.
That said, Cisco found that only one in 5,000 user activities associated with connected third-party cloud applications was suspicious. The challenge for security teams is pinpointing that one instance, which can be achieved through the use of user and entity behavioural analytics (UEBA).
According to technology research company Gartner, “UEBA provides user-centric analytics around user behaviour, but also around other entities such as endpoints, networks and applications. The correlation of the analyses across various entities makes the analytics results more accurate and threat detection more effective”.
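The baseline-then-anomaly approach described above can be sketched as follows. This is an added example, not code from Cisco's report or from any UEBA product. The event format, the constructed sample logins and the median/MAD threshold with a floor of three countries are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from statistics import median

WINDOW = timedelta(days=7)  # "over the course of one week"

def max_countries_in_window(events, window=WINDOW):
    """events: (iso_timestamp, user, app, country) tuples (assumed format).
    Returns {(user, app): peak distinct countries in any sliding window}."""
    recent = defaultdict(deque)  # (user, app) -> logins still inside the window
    peak = defaultdict(int)
    for ts, user, app, country in sorted(events):  # ISO timestamps sort by time
        t = datetime.fromisoformat(ts)
        q = recent[(user, app)]
        q.append((t, country))
        while t - q[0][0] > window:  # drop logins older than the window
            q.popleft()
        peak[(user, app)] = max(peak[(user, app)], len({c for _, c in q}))
    return dict(peak)

def flag_anomalies(events, k=3.0, floor=3):
    """Flag (user, app) pairs whose peak is far above the population norm."""
    peaks = max_countries_in_window(events)
    values = list(peaks.values())
    base = median(values)                        # the "normal pattern"
    mad = median(abs(v - base) for v in values)  # robust measure of spread
    # The floor keeps ordinary two-country travel quiet when the MAD is zero.
    limit = max(floor, base + k * mad)
    return sorted(key for key, v in peaks.items() if v > limit)

def sample_events():
    """Constructed login events, not real data."""
    ev = [("2017-03-01T09:00:00", "alice", "crm", "SG"),
          ("2017-03-02T09:00:00", "alice", "crm", "SG"),
          ("2017-03-01T10:00:00", "bob", "crm", "SG"),
          ("2017-03-03T10:00:00", "bob", "crm", "MY"),
          ("2017-03-04T08:00:00", "carol", "files", "AU")]
    # erin: four countries, but a month apart, so never more than one per week
    ev += [(f"2017-0{m}-10T12:00:00", "erin", "files", c)
           for m, c in enumerate(["SG", "JP", "IN", "AU"], start=1)]
    # dave: six countries within six days
    ev += [(f"2017-03-0{d}T0{d}:00:00", "dave", "files", c)
           for d, c in enumerate(["SG", "US", "BR", "DE", "RU", "ZA"], start=1)]
    return ev

if __name__ == "__main__":
    print(flag_anomalies(sample_events()))
```

A flagged pair is a lead for investigation rather than a verdict; correlating it with other signals is the step the report describes next.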
Wong Onn Chee, an IT security expert, told Computer Weekly that while analytics can help to make sense of large volumes of security-related events, there are limitations when it comes to detecting threats that make use of seemingly legitimate cloud applications hosted on Facebook and Google.
“There are cyber criminals who make use of Facebook and Google infrastructure to push malware,” he said. “In such cases, will the activities of a social media community manager who unknowingly downloads malware from Facebook be flagged as suspicious?”