Threat Research

FortiGuard Labs Telemetry – Cloud Application Usage Observations

By Gavin Chow | May 01, 2017

Many internet moons ago, it was the norm to fix a cup of coffee while waiting for a 1-megabyte file download to complete. Innovators and early adopters of cloud storage at that time were faced with the challenge of limited internet bandwidth capacities and expensive leased lines. Storing and syncing files across the internet was simply not very appealing.

Fast forward to 2017: cloud storage has increasingly become mainstream for storing, computing, and sharing data, while also combining accessibility and reliability into the mix. With larger internet bandwidth capacities connecting homes and businesses, syncing files across the internet is now a reality, and it can be done without needing to brew a couple of pots of coffee.

Based on FortiGuard Lab’s application telemetry, cloud storage applications have grown by more than 21% between Q4 2016 and Q1 2017, as shown in the following chart:

When comparing the top 5 cloud storage applications detected in Q4 2016 versus Q1 2017, our telemetry also show an increase for each individual cloud storage application:

This chart also highlights the increasing use of cloud-based services by mobile devices, as evidenced by the large number of Apple devices using iCloud for data backup and storage, versus services that may be more commonly used by more traditional computing devices.

Two Examples – and Microsoft Office 365

Besides simply storing data in the cloud, more cloud-based business applications are being used by organizations than ever before. For example, our telemetry shows that has shown a 29% increase in the number of hits when just comparing Q4 2016 with Q1 of 2017:

Our telemetry also shows that the cloud-based version of Microsoft Office 365 increased more than 12% in the number of hits in that same time period between Q4 2016 and Q1 2017:

While the rate of adoption of cloud-based computing continues to accelerate, it has also increased the potential for security risks. Limited visibility of the data stored in the cloud, the lack of compliance for many cloud applications, and the potential exposure to threats such as viruses and malware between cloud users are examples of associated risks. 

Limited visibility of the data stored in the cloud

Without visibility of data in transit to the cloud, an organization will lose control of ensuring sensitive data is confined within itself. For example, if an employee is not security-aware, he or she may upload sensitive data and share it publicly in the internet without realizing it.

Lack of compliance for cloud applications

An organization should have a strict set of policies on how sensitive data should be handled, and how to enforce these policies locally and in the cloud. For example, all documents containing intellectual property markings should not be shared outside any public cloud services. To enforce this, a solution should be able to detect and filter the flow of sensitive data in transit before it even gets uploaded to these public cloud services.

Exposure to threats between cloud users

Malicious files stored in the cloud is another risk for an organization to consider. For example, users may accidently download malware from the cloud; users could also upload and share malware in the cloud without their knowledge. This creates another threat vector for an organization which does not have visibility on cloud usage in its environment.

Fortinet’s Cloud Access Security Broker (FortiCASB)

To mitigate threats related to applications and data in the cloud, Fortinet has just introduced its new API-based FortiCASB service, enabling IT teams to maintain security visibility for both on- and off-network user access to some of the most widely used SaaS applications, including and Microsoft Office 365. FortiCASB protects data stored in SaaS resources from cloud-borne threats, and delivers compliance and audit tools to provide better control of SaaS applications. FortiCASB will be available at the end of Q2 2017.


Now, more than ever, the need for greater visibility and control into cloud applications is important. Every organization should know the “who, what, where, when, and how” that is associated with both their data in transit and at rest. After all, data is now a modern-day business’ crown jewels.


Sign up for weekly Fortinet FortiGuard Labs Threat Intelligence Briefs and stay on top of the newest emerging threats.