Netskope, a leader in Security Service Edge (SSE) and Zero Trust, has released new research detailing the proliferation of cloud apps used within businesses worldwide. The Netskope Cloud and Threat Report: Cloud Data Sprawl found that cloud app use within organisations continues to rise, as it has already increased 35% since the beginning of 2022, with an average company of 500-2,000 users uploading, creating, sharing or storing data in 138 different apps and using an average of 1,558 distinct cloud apps each month.
The report found that more than one in five (22%) users upload, create, share or store data in personal apps and personal instances, with Gmail, WhatsApp, Google Drive, Facebook, WeTransfer and LinkedIn ranking as the most popular personal apps and instances.
A personal app, such as WhatsApp, is an app that only sees personal usage from personal accounts. A personal instance is a personal account of an app that is also managed by the organisation. For example, someone’s personal Gmail account in an organisation that uses Google Workspaces is a personal instance.
Additionally, highlighting a continued trend in insider risk, the report revealed that one in five users (20%) upload an unusually high amount of data to such personal locations during the 30 days before they leave an organisation, marking an increase of 33% during the same time period last year.
“Cloud apps have helped to increase productivity and enable hybrid work, but they have also caused an ever-increasing amount of data sprawl that puts sensitive data at risk,” said Ray Canzanese, Threat Research Director, Netskope Threat Labs. “Personal apps and instances are particularly concerning, since users maintain access to data stored in those instances even well after they leave an organisation. Proactive security measures – especially policy controls that limit access to sensitive data to only authorised users and devices and prevent sensitive data from being uploaded to personal apps and personal instances – can help reduce the risks of loss or exposure of sensitive data.”