It’s critically important to provide remote users with secure access to corporate IT resources. Virtual private networks (VPN) create an encrypted “tunnel,” reducing the risk that sensitive company data traversing the public Internet can be exposed.
Today, however, remote workers are more likely to use cloud-based applications and services. According to a new report from Netskope Threat Labs, 53 percent of all web traffic is now cloud-related. The report also finds that cloud apps are a major source of malware and other cybersecurity threats.A next-generation secure web gateway (SWG) can help organizations beef up the security of their cloud-based applications. In addition to basic web filtering, a next-gen SWG provides greater visibility and control over cloud usage, including growing numbers of “shadow IT” applications. It also provides multilayered threat detection and advanced data protection across multiple cloud services.
The average number of cloud apps in use by midsize organizations increased more than 20 percent in 2020, from 557 in the first quarter to 690 by the end of the year. Almost all — 97 percent — are considered shadow IT apps that users adopted without management or IT approval.
In addition, 83 percent of users access personal app instances on their company-managed devices. Personal app instances are an individual user’s subscription to a file-sharing solution such as Microsoft OneDrive, Google Drive or iCloud, or an email account such as Gmail. Users frequently upload company data to their personal accounts even if the organization has a corporate instance of the app.
It’s not uncommon for users to download sensitive data from a corporate app instance and upload it to a personal app instance. This kind of data mishandling increases the risk of a breach.
During 2020, cloud apps also became the most popular means of delivering malware. The percentage of malware delivered by cloud apps increased from 48 percent in the first quarter of 2020 to 61 percent in the fourth quarter. Although malware can be found in many different cloud apps, hackers tend to favor the most popular services, including Microsoft OneDrive and Google Drive, to avoid block lists.
Malware was commonly distributed via productivity tools, such as the Microsoft 365 cloud service. The amount of malware delivered via Office docs peaked in the third quarter of 2020 at 38 percent thanks to malicious links that spread the Emotet banking Trojan. Although law enforcement officials took down the command-and-control infrastructure behind Emotet, other malware continues to circulate through phishing emails with links to Office docs.
An SWG provides a vital line of defense against these threats. It sits between users and the web, providing URL filtering, blocking access to inappropriate websites and enforcing acceptable use policies.
A next-gen SWG enables greater visibility into cloud traffic and user behavior than older SWG technologies, and provides consistent inspection no matter where users and data are located. Instead of blocking all shadow IT applications, organizations gain granular control over cloud app usage. A next-gen SWG also provides data loss prevention (DLP) and malware protection.
An SWG is a component of a secure access service edge (SASE) that combines multiple services that secure cloud access. The SASE approach typically integrates SWG with next-generation firewalls, domain name system security and cloud access security brokers.
Securing remote access to corporate IT resources is essential, but increasing numbers of cloud applications and services must be protected as well. A next-gen SWG is part of a multilayered approach that provides complete visibility and control, reduces the risk of data loss and exposure, and mitigates cloud app security threats. Learn more about leading cybersecurity solutions and services by having a conversation with our team of security experts.