SailPoint Market Pulse Survey Illustrates How Cloud Apps Increase the Risk of Insider Threat

According to SailPoint’s 7^th Annual Market Pulse Survey, companies around the world have reason to be worried about the use of cloud applications to share mission-critical information: one in five employees has uploaded proprietary corporate data to a cloud application, such as Dropbox or Google Docs, with the specific intent of sharing it outside of the company. The survey also found a clear disconnect between cloud usage across the business and existing IT controls with an alarming 66 per cent of users able to access those cloud storage applications after leaving their last job. And, despite that 60 per cent of employees stated they were aware that their employer strictly forbids taking intellectual property after leaving the company, one in four admitted they would take copies of corporate data with them when leaving a company.

SailPoint’s 2014 Market Pulse Survey was designed to measure employee attitudes toward protecting corporate digital assets. The company commissioned Vanson Bourne, an independent research firm, to interview 1,000 office workers at large companies with at least 3,000 employees across Australia, France, Germany, the Netherlands, the United Kingdom and the United States. With only 28 per cent of survey respondents stating that corporate policies pay close attention to who is granted access to mission-critical SaaS apps, the survey showcases the complex challenge companies face when trying to manage applications outside of IT’s control, as well as the risk of massive security breaches and internal theft faced by companies.

The Market Pulse Survey focused on specific regions to help companies gain a better picture of the progress of security controls around sensitive information. The key findings of employee actions around the globe include:

• Employees who have uploaded a sensitive document to share outside their companies via a cloud application (such as DropBox, Box or Google Docs): Australia (11 per cent); France (20 per cent); Germany (17 per cent); Netherlands (13 per cent); United Kingdom (18 per cent); and United States (22 per cent)
• Employees who have purchased and/or deployed a cloud application (such as Salesforce.com, Concur, Workday, DropBox, DocuSign, etc.) without the help of IT: Australia (14 per cent); France (14 per cent); Germany (16 per cent); Netherlands (18 per cent); United Kingdom (21 per cent) and United States (24 per cent)
• Employees who are aware of corporate policy that pays close attentions to who is granted access to cloud applications with mission-critical data: Australia (24 per cent); France (27 per cent); Germany (28 per cent); Netherlands (24 per cent); United Kingdom (30 per cent) and United States (29 per cent)
• Employees who were able to access corporate data via cloud storage applications (including Dropbox and Google Docs) after they left their companies: Australia (56 per cent); France (70 per cent); Germany (70 per cent); Netherlands (61 per cent); United Kingdom (61 per cent) and United States (69 per cent)
• Employees who are aware of corporate policies against taking intellectual property when they leave their companies: Australia (68 per cent); France (49 per cent); Germany (58 per cent); Netherlands (57 per cent); United Kingdom (60 per cent) and United States (61 per cent)
• Employees who admitted they would take any corporate data when they left their jobs: Australia (21 per cent); France (24 per cent); Germany (16 per cent); Netherlands (15 per cent); United Kingdom (26 per cent) and United States (27 per cent)

“The survey results are an eye opener of how cloud applications have made it easy for employees to take information with them when they leave a company,” said Kevin Cunningham, president and founder of SailPoint. “With almost 20 per cent of employees purchasing a cloud application for work without involving the IT departments, combined with the ability for employees to use consumer cloud apps for work activities, it’s virtually impossible to manage access to applications and the sharing of mission-critical data. In order to establish control over this ‘bring your own app’ phenomenon, it’s critical to provide specific incentives for end users to follow corporate policy such as offering users a seamless login experience in exchange for using a central access control framework.”