80 percent of company employees use unapproved apps at work, potentially putting business data at risk. The figure, reported by Microsoft, reveals individuals should not be trusted to manage their own data. Instead, a more proactive approach is required.
Julia White, Microsoft’s Corporate Vice President of Azure and Security, disclosed the figure in a blog post this week. Discussing Microsoft’s “multi-faceted” approach to cloud security, White suggested “data protection cannot be left to employees to manage.”
As digital transformation takes hold of workplaces, growing numbers of SaaS services and web-based tools are seeing use. Problems can arise if these platforms aren’t vetted properly by IT. An insecure external server could leak company data to the wider Internet, creating a dangerous situation with far more problems than the benefits offered by cloud agility.
Even when platforms are secured, ensuring employees use just the ones approved is a challenge. With the majority of people still using unapproved apps on work devices, either inadvertently or out of lack of awareness, Microsoft said IT managers should be vigilant and cognisant of the risks.
Monitoring tools can help tech teams to assess the apps being used inside an organisation. Employees can then be informed of the dangers and assisted in migrating to an approved service. Alternatively, if the app stands in good repute, it could be worthwhile adding it to the whitelist. In either case, taking action puts IT a step further towards regaining control of the workplace.
The largest cause of enterprise security breaches continues to be weak or stolen passwords. Compromising an employee’s user account gives attackers an inside look into the company’s digital presence. If a large, all-inclusive cloud platform is breached, a single stolen password could grant access to a diverse range of resources including emails, documents, private contact details and customer data.
To combat this risk, Microsoft advised conditional access be implemented. This AI-powered security technique uses a combination of “risk factors” to assess in real-time whether a user should be given access to a resource. It avoids the issue of a user account being given permanent permissions that could give an attacker unfettered access to the cloud.