Skyhigh Networks has released its latest quarterly Cloud Adoption and Risk Report. This report analyses actual cloud usage data from over 15 million enterprise employees across 350 enterprises. Although the study found a record high percentage of cloud applications with enterprise-ready security capabilities, risks associated with shadow IT persist. These risks include the use of cloud services that don’t encrypt data at rest, external sharing of sensitive corporate data, and compromised credentials. With a full year of usage statistics, this latest edition of the report is the industry’s most comprehensive to date.
“2014 will go down as the year of the cloud’s arrival as a fundamental tool for the Global 5000 enterprise,” said Kamal Shah, VP of products and marketing at Skyhigh Networks. “The average European employee uses 23 cloud services, many of which represent unsanctioned or shadow IT and highlight the growing risk and opportunity for IT teams to securely enable cloud services within their organisations.”
In addition to updates on recurring features such as the top cloud services by category, this quarter’s report provides annual statistics for 2014.
The average number of cloud services in use increased 33 percent
The average European company had 782 cloud services in use in Q4 2014, up from 588 in Q1 2014. This growth was lopsided across categories. Collaborations services (e.g. Microsoft Office 365, Gmail, etc.) experienced the largest rate of growth in Europe at 99 percent. Development services (e.g. GitHub, SourceForce, etc.) were the second fastest-growing category, 62 percent.
The number of CSPs with enterprise security capabilities doubled
The number of cloud service providers investing in key security capabilities more than doubled in 2014. Specifically, 1,082 (11 percent of all services) encrypt data at rest versus 470 in Q4 2013, 1,459 (17 percent) offer multi-factor authentication versus 705 in Q4 2013, and 533 (5 percent) hold ISO 27001 certification versus 188 in Q4 2013.
Over one third of employees upload sensitive data to file sharing services
33 percent of employees upload sensitive data to file sharing services, and 22 percent of all files uploaded to file sharing services contained sensitive data. Beyond file sharing, 4 percent of fields in other critical business applications such as CRM contain sensitive personally identifiable information (PII) or personal health information (PHI) data subject to regulatory compliance.
One tenth of corporate file sharing is external
Analysing the use of file sharing and collaboration services revealed that 10 percent of documents were shared with business partners outside the company. Of externally shared documents, 2 percent contained sensitive data. Even more concerning was the fact that 18 percent of external collaboration requests went to third party email addresses (e.g. Gmail, Hotmail, and Yahoo! Mail).
92 percent of companies have compromised credentials
The vast majority of companies have users with at least one stolen credential and the average company had 12 percent of users affected. The most exposed industries are Real Estate, High Tech, and Utilities, while the least exposed are Government and Healthcare. With 31 percent of passwords reused across websites and applications, stolen login credentials pose significant risk to corporate data.