Skyhigh Report Highlights Corporate Risks from Business Partners

Enterprises Average 1,555 Partners, and 30% of Data Shared Is With High Risk Partners

CAMPBELL, Calif. March 31, 2015 – Security does not end at the corporate perimeter. Skyhigh Networks, the Cloud Security and Enablement Company, today released the seventh edition of its quarterly Cloud Adoption and Risk Report. The Q1 2015 report, derived from analysis of actual cloud usage across over 17 million employees, expands its scope to include the risk to enterprises from business partners connected through the cloud.

After vendors served as entry points in recent high-profile breaches, security vulnerabilities associated with partners have received increased attention. The report reveals that cloud services are rapidly becoming the primary connectors between businesses, with the average company connecting with 1,555 partners. The report measured partner risk based on several security attributes and found that 8% of all partners are high-risk and that 30% of total data shared with partners is shared with high-risk partners.

The full report is available here: https://www.skyhighnetworks.com/cloud-report/

“Security of any enterprise is only as strong as its weakest link, and recent breaches have shown that partners are often the weakest link,” said Sekhar Sarukkai, co-founder and VP of Engineering at Skyhigh Networks. “Therefore, enterprises must have visibility into the security risks of their business partners so they can take the necessary steps to protect themselves.” 

8% of Partners Are High-Risk but Receive 30% of Data

A number of attributes can classify a partner as high-risk, including being affected by malware of botnets, having compromised identities for sale on the Darknet, suffering from a breach, or being exposed to vulnerabilities such as POODLE. High-risk partners receive 30% of all data shared with partners – a disproportionately large amount.

58 “Super Partners” Are Connected to Over 50% of Enterprises

Many partners are well connected among the largest organizations, meaning a vulnerability within a single partner could have far-reaching consequences. The risk of these super partners is higher than the overall rate, with 12.5% considered high-risk. Top super partners include pest control, IT services, software, equipment manufacturing, hospitality, and consulting companies.

One Partner Has Over 9,000 Compromised Identities and 200 Devices with Malware

The report gives the risk attributes for several example partners. One airline had 9,716 credentials for sale on the Darknet and 209 devices infected with malware. A financial services technology provider had 1,216 compromised identities across 19 Darknet sites. An advertising agency had 1,565 compromised identities for sale across 29 Darknet sites. All three partners are still vulnerable to POODLE.

Enablers of the Cloud Economy

Certain cloud services stand out as hyper-connectors, enabling the highest number of partner connections. The top cloud connectors in the customer support category are Zendesk, Salesforce, and GrooveHQ. For file sharing, Sharefile, Box, and Wiredrive are the top connectors. In the collaboration category, the top connectors are Cisco WebEx, Slack, and Office 365.

Highest Risk Partner Categories

Not all partner categories are equal when it comes to risk. Telecommunications companies had the highest percentage of high-risk businesses, at 30% – double the rate of the tenth highest-risk category, Travel. Security teams should pay special attention to interactions with partners falling into the categories on this list.

About Skyhigh Networks

Skyhigh Networks, the Cloud Security and Enablement Company, helps enterprises safely adopt cloud services while meeting their security, compliance, and governance requirements. Enterprises including Aetna, Cisco, DIRECTV, HP, and Western Union use Skyhigh to gain visibility into all cloud services in use and their associated risk; analyze cloud usage to identify security breaches, compromised accounts, and insider threats; and seamlessly enforce security policies with encryption, data loss prevention, contextual access control, and activity monitoring. Headquartered in Campbell, Calif., Skyhigh Networks is backed by Greylock Partners, Sequoia, and Salesforce.com. For more information, visit us at www.skyhighnetworks.com or follow us on Twitter @skyhighnetworks.

###

Contact:

Michelle Marin

pr@skyhighnetworks.com

(408) 564-0278