More

    Changing Application Landscape Raises New Cybersecurity Challenges

    Any time there is a major cataclysmic event on the scale of a COVID-19 pandemic there are going to be, as far as IT is concerned, shifts that are wholly unexpected. In the case of the pandemic, it appears there are now a wide range of applications being employed that, prior to the pandemic, would not have been expected to garner as much of a user base as they apparently have now.

    An annual Businesses @ Work 2021 report published by Okta, a provider of an identity-as-a-service platform that tracks application login across 9,400 organizations, finds the top five platforms being logged into are Microsoft 365, Amazon Web Services (AWS), Salesforce, Google Workspace, and Zoom. Surprisingly, the number of organizations running both Microsoft 365 and Google Workspace now stands at 36%, the Okta report also finds.

    However, the Okta report also notes that Amazon Business, Smartsheet, Lucidchart, Snowflake, Miro, Figma, Culture-Amp, Lattice, and Monday.com. The fact that Zoom is more widely employed than ever may not be surprising, but Amazon Business, which was created to give businesses more control over procurement, grew an astounding 341% on a year-over-year basis, according to the report.

    Given how many of those applications are a cloud service, it’s clear end-user behavior is changing in the work-from-home era, says Randall Degges, head of developer advocacy for Okta. “Everything is moving into the cloud.” he says.

    Overall, the Okta report concludes on average organizations are running 88 applications, with larger entities deploying on average 175 applications compared to smaller one that on average have 73 applications.

    Also read: The Best Cybersecurity Tools for Small Businesses

    App Security Still a Concern

    As the size of the application portfolio that is being accessed from home continues to grow, traditional approaches to securing applications based solely on usernames and passwords are becoming untenable. Multifactor authentication (MFA) approaches based on the identity of the end user is becoming a bigger requirement, says Degges.

    End users, of course, are not especially fond of passwords. Most people are using a variant of a handful of passwords they can remember across a wide range of applications. Cybercriminals, of course, know this better than anyone. That’s why it’s become a lot easier for them to launch credential stuffing attacks using stolen passwords harvested across the Dark Web. The next thing anyone in IT knows malware is spreading laterally across the entire organization because some endpoint was compromised using a stolen password. The more applications being used the greater the probability a credential will be compromised.

    Also read: Top Endpoint Protection Platforms (EPP) 2021

    Reducing the Cyberthreat

    Perfect security, obviously, is unattainable. However, there is a direct correlation between the number of applications employed and the size and scope of the potential threat. IT teams need to take note of what applications are being used most often with an eye toward deprovisioning applications that are not being as actively employed as they once were. Many of the new applications being employed may not have been sanctioned by IT, but like it or not, the time may have come to rationalize corporate applications in favor of ones that end users seem to prefer. Otherwise, IT teams are making an already difficult cybersecurity issue just that much more problematic for all concerned.

    Also read: Understanding the Zero Trust Approach to Network Security

    Mike Vizard
    Michael Vizard is a seasoned IT journalist, with nearly 30 years of experience writing and editing about enterprise IT issues. He is a contributor to publications including Programmableweb, IT Business Edge, CIOinsight and UBM Tech. He formerly was editorial director for Ziff-Davis Enterprise, where he launched the company’s custom content division, and has also served as editor in chief for CRN and InfoWorld. He also has held editorial positions at PC Week, Computerworld and Digital Review.

    Latest Articles