Cloud based services have been coming in very handy for many enterprises and smaller businesses, but the issue of app security is on the rise, according to a report by OneLogin and Flying Penguin. Numbers show that 71 percent admit that they are using cloud computing apps that are not sanctioned by the business' IT department, something that, if left unchecked, could end up causing breaches.

"It is no secret that cloud apps need solutions added to improve their security; yet to see 20 percent of app users admit a breach by ex-employees is still a surprisingly high result,” FlyingPenguin President Davi Ottenheimer said. “The real story behind the 80 percent already using cloud apps already is that 70 percent admit apps came without company approval. In 2013, organizations will need solutions flexible enough to support the 60 percent with more than four apps already in use, and scalable enough to keep up with the 35 percent who plan to add at least four new apps this year."

Other numbers from this report show:
- 72 percent said they have the need to provide external uses with temporary access to cloud apps
- 48 percent said they aren't able to sign into cloud apps with a single set of credentials
- 50 percent had multiple on-premise directories

OneLogin CEO Thomas Pedersen said the survey shows that 2013 will be a tipping point in cloud adoption, reporting that enterprise are turning to cloud apps but there are inherent risks that must be taken care of up front before any concerns spread throughout the company.

Service level agreements should include security
While businesses cannot simply stop worrying about the security of cloud computing services, a story in TechTarget said companies should be sure that any worries of apps are written into the policy. Russ McRee, security researcher, said moving from a legacy application to the cloud can be a great opportunity to improve security and companies should not take it lightly.

“A lot of applications that were deployed when application security wasn't as much of a focus as it is today,” he said. “There's a tremendous opportunity to reconsider the application to do proper threat modeling, proper assessments. … All the things we really should have been done originally.”

He said businesses should make sure their cloud computing services contract has the voice they want even if the provider cannot do certain things, as providers could extend themselves beyond what they normally do depending on the business they are working with.