Skyhigh Networks released the third edition of its quarterly Cloud Adoption and Risk Report.
“With this report, we uncovered trends beyond the presence of shadow IT in the enterprise,” said Rajiv Gupta, CEO of Skyhigh Networks. “We provide real data around cloud usage, adoption of enterprise-ready services, the category of services demanded by employees, as well as malware and other vulnerabilities from these cloud services. It’s this type of data and analysis that CIOs use to maximize the value of cloud services and help drive an organized, productive, and safe movement to the cloud.”
Use of cloud services is accelerating
Data from more than 250 organizations shows that 3,571 cloud services are in use across more than 8.3 million users, as opposed to 2,675 last quarter (33% growth). 759 cloud services are in use by an organization on average, as opposed to 626 last quarter (21% growth).
Percentage of enterprise-ready services is decreasing
Of the 3,571 cloud services used, only 7% of services fully satisfied the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection. This is significantly down from 11% last quarter. This suggests that a majority of new cloud services used by employees are exposing organizations to risk.
Fragmented cloud service use is impeding collaboration, driving greater risks and higher costs
On average, an organization is using 24 different file sharing services and 91 different collaboration services. This not only impedes collaboration and leads to employee frustration, but also results in greater risk since 60% of the file sharing services used are high risk services. IT organizations have a unique opportunity to drive consolidation while continuing to offer choices to their employees.
Astonishingly, one-third of cloud services were vulnerable to Heartbleed
Out of the 3,571 services in use, 33% (1,173) were vulnerable to the Heartbleed bug – leaving user data, passwords, and private keys open to theft. Due to the steps cloud service providers have taken to protect themselves, that number has gradually declined to less than 1%.
18% of use is from Windows XP
Microsoft ended support for Windows XP on April 8. For the most part, enterprises have upgraded from XP to the latest operating systems, but a significant 18% of companies had at least 1,000 devices running XP that were accessing public cloud services. The XP end-of-life event means that these devices may be unpatched and vulnerable, exposing the organizations to risk.
Malware: A pervasive threat
The malware problem is alive and well, as 29% of organizations had anomalous cloud access indicative of malware. In addition, 16% of organizations had anomalous cloud access to services that store business critical data, introducing an even higher level of risk.
EU-based cloud services: from the frying pan to the fire
Given the concerns around the US Patriot Act and US government-issued blind subpoenas, there is a growing school of thought advocating the use of cloud services headquartered in privacy-friendly countries (i.e. the European Union). However, 9% of cloud services headquartered in the EU are high risk, compared to only 5% of cloud services headquartered in the US.