Identity and access management in the cloud

OneLogin, a SaaS single sign-on company, and flyingpenguin, a security consultancy, have collaborated to produce the 2013 State of Cloud Application Access survey – and the results will provide little comfort to security admins. Increasing numbers of users are accessing a growing number of cloud applications via non-company computers. 80% of survey respondents access cloud applications for business purposes via their smartphones, 71% do so via a tablet, and 81% use a non-company computer. 71% admitted to accessing cloud applications, such as Dropbox or Google Drive, that have not been sanctioned by their IT department.

All indications are that the password management problem will increase. 44% of respondents admit that employees manage their passwords on a spreadsheet or sticky note, while 37% admit that employees share their passwords. At the same time, 78% believe that the total number of different cloud applications used by employees will increase over the next year.

“2013 will be a tipping point in cloud adoption,” said Thomas Pedersen, CEO at OneLogin. “With enterprises rapidly turning to cloud apps, the inherent risks in practices like using unsanctioned apps or sharing passwords on sticky notes need to be addressed, and quickly.” The problem is that multiple users accessing multiple cloud applications from multiple devices rapidly escalates the sheer volume of passwords that need to be protected – any one of which could be phished to provide access to the corporate network. OneLogin believes that a cloud-based single sign-on approach linked to Active Directory for instant deprovisioning is the solution – notably, 20% of respondents had experienced an employee still able to log in after leaving the company. Single sign-on means that users need to protect just one password for all applications, while companies can instantly remove all access for leavers.

“It is no secret that cloud apps need solutions added to improve their security; yet to see 20% of app users admit a breach by ex-employees is still a surprisingly high result,” said Davi Ottenheimer, president of flyingpenguin. “The real story behind the 80% already using cloud apps is that 70% admit apps came without company approval. In 2013, organizations will need solutions flexible enough to support the 60% with more than four apps already in use, and scalable enough to keep up with the 35% who plan to add at least four new apps this year.”
