Despite the every-increasing number of commercial off-the-shelf (COTS) software programs for almost every imaginable application, custom programs still are extremely popular among users. However, of those programs, a majority of them are not only outside the control of the corporate IT department, but the IT security teams are unaware of nearly two-thirds of them, according to a recent report from the Cloud Security Alliance (CSA) and Skyhigh Networks.
Findings from the report state that the average enterprise has 464 custom applications deployed, yet corporate security only was aware of 38.4 percent of them. That number of deployed custom applications is expected to grow by 20.5 percent during 2017, the report stated.
“Rather than security being a barrier to development, it appears development is occurring without involvement of security,” said the report, which had 314 respondents and was conducted from December 2016 to January 2017.
Part of the challenge corporate security professionals will face is having access to these applications, the report found. Some 72.7 of the companies have business-critical custom applications and nearly half – 46.1 percent – of those are deployed in either the public or a hybrid cloud environment. In fact, the authors said 2017 will be “a tipping point” when, by the end of the year, fewer than half of applications, just 46.2 percent, will reside in the datacenter, down from the 60.9 percent.
Nearly 70 percent of the respondents said the main reason for moving applications to the public cloud infrastructure is the abiity to scale the workloads up or down on demand. Some 56.1 percent cited cost savings over the datacenter while just 30.5 percent cited the transfer of costs from capital investments to operations.
However, data in the cloud is no panacea to security vulnerabilities. Data that resides in the cloud can be more difficult for the IT team to apply corporate security protocols, putting more data at risk, according to Skyhigh Networks. Some 66.5 percent of the survey respondents said sensitive data in the cloud is a potential threat, while a close second was the 56.9 percent of respondents who said third-party account compromises concerned them.
Overall, among the biggest challenges companies face today are the rogue applications that escape the protection of the IT security teams and the concerns of data in the cloud, the report said. “There is no a sizeable number of ‘shadow' applications developed internally that IT security is not aware of or involved in securing,” the report found.
Lack of knowledge of applications and access to the ones IT knows about appear to be two of this years' key challenges.