In the past, the simple sharing of a Microsoft Word document with a colleague over email wasn’t cause for alarm. It wasn’t the kind of event that was regularly reviewed or even recorded by a security operations center.
Maybe it should’ve been. Regardless, in the age of rapid cloud adoption, such document sharing – even over email – is exactly the kind of event that, at least in theory, is monitored by today’s security operations centers (SOCs). And that’s become yet another problem on the growing list of security concerns for enterprises in the age of decentralized and mobilized IT environments.
Skyhigh Networks, a cloud access security broker, released its Q4 2016 Cloud Adoption and Risk Report earlier this month, and it included many data points one might expect: the number of cloud services used by the average enterprise, according to Skyhigh’s customer survey, continues to climb (1,427 services, currently); many of these cloud services still lack proper security controls (just 8.1% of those services meet Skyhigh’s Enterprise-Ready rating); and a growing percentage of files uploaded to cloud file sharing or collaboration services contain sensitive information (18.1%).
But the report also included surprising data on just how much cloud sharing and collaboration services are taxing security teams – even when there are no actual security incidents occurring. For example, according to Skyhigh’s survey, the average enterprise generates 2.7 billion cloud events per month (which includes everything from file uploads and downloads to document shares and user logins).
But just 2,542 of those events on average are anomalous events, and an even smaller number – 23.2 – end up being actual security incidents. The Skyhigh report also states, “Security teams widely report inaccurate breach notifications, resulting in alert fatigue and missed incidents.” In other words, the rapid growth of cloud file sharing and collaboration has sent the number of cloud events snowballing down a hill, and security teams are getting buried at the bottom.
“We hear a lot about alert fatigue. There are just so many cloud events and activities per month to monitor,” said Kamal Shah, senior vice president of products and marketing at Skyhigh. “All of those events go to the SOC, which just gets bombarded. They can’t keep up.”
The good news, of course, is just 23.2 of these monthly events constitute actual risks or threats to an enterprise (and even then, the incidents in question may be something as relatively simple as an accidental file exposure). The bad news is that even when things are working smoothly, security teams still struggle to stay above the water line because of the sheer volume of data they must monitor.
There are ways to address the problem, Shah said. User behavior analytics, for example, can help security teams better identify a potential threat and separate pertinent data from the rest of the noise. But, Shah said, companies need to start addressing the problem before they become paralyzed by the mountain of cloud events piling up on them.
“The number of cloud events is growing every quarter, and that makes it harder on enterprises because it’s just too much data,” he said. “And the number is only going to go up.”