As more and more organizations adopt cloud platforms, new shadow IT risk vectors are coming into play in the form of connected third-party apps, according to CloudLock CyberLab’s analysis across 10 million users, 1 billion files, and nearly 160,000 unique applications.
These apps (and by extension, their vendors) are authorized using corporate credentials, have API access to corporate data on multiple SaaS platforms via OAuth connections, and can act on behalf of users to access, delete, store, externalize and exfiltrate data.
The shadow IT dilemma is only becoming more challenging as usage is increasing exponentially year over year. From 2014 to 2016, we’ve seen nearly a 30x increase in apps from 5,500 to nearly 160,000. Each application instance represents a backdoor through which hackers can infiltrate and externalize sensitive corporate assets.
Measuring risk by a combination of access scopes, community-sourced ratings, and expert-driven analytics, the CloudLock CyberLab found that 27% of third-party apps are classified as high risk through which cybercriminals could gain programmatic access to corporate platforms impersonating end users.
Read the full article here.