Study: Enterprise Filters Miss High-Risk Sites

For most companies, blocking a cloud service such as Netflix is a no brainer, as it saps both bandwidth and productivity.

However, IT administrators need to think differently about cloud services to better secure their company and its data, Rajiv Gupta, co-founder and chief executive of cloud security firm Skyhigh Networks, told eWEEK.

Risky services

In a study released last week, the company found that customers are more likely to block popular safe services than more risky services that could compromise security or cause data leaks.

The study, based on data from customers that use Skyhigh’s network monitoring service, found that 46 percent of firms blocked Netflix, 45 percent blocked Foursquare and 39 percent blocked Apple iCloud, but that no companies blocked MovShare, myCapture or FileFactory – all considered high-risk services by the firm.

“Companies are taking yesterday’s approach to blocking,” Gupta said. “IT is still taking a productivity and bandwidth based approach rather than risk-based approach to what they need to block.”

As a greater variety of cloud services appear, companies need a more risk-based strategy to determine which services employees can use, he said. With workers using an average of more than 500 different cloud services, the task is not an easy one.

Moreover, if employees are not educated about the reasons why certain services are blocked nor given alternatives, they will adapt as well, Gupta said. In one instance, a company blocked backup service Carbonite for fear that data would be leaked or exfiltrated using the service. Soon after, an employee started using another service known as Elephant Backup instead. Skyhigh rates Elephant as risky.

Wrong decisions

“What you find is that our IT organisation is so in the dark about what is risky that they are making the wrong decisions,” Gupta said.

Two big categories that are considered high risk are tracking services and development services, according to the report. Typical web tracking services, such as KISSmetrics and AddThis, do not deliver any value to a company but can offer attackers enough insight into employee habits to help target waterhole attacks. Such attacks find websites visited by company employees, attempt to compromise the sites and then deliver malicious code to employees through the sites.

Development services can be used as a way of exfiltrating data or as an infection vector. Even social media sites can be used to communicate data outside the company firewall, according to Gupta. One customer found a user who sent out a million tweets in a day, but in reality, their compromised systems was exporting data 140 characters at a time via the tweets.

“This is all about shedding light on shadow IT,” he said.

Are you a security pro? Try our quiz!

Originally published on eWeek.

Robert Lemos

Robert Lemos covers cyber security for TechWeekEurope and eWeek

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

3 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

4 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

4 days ago