In Europe, the number of cloud services in use by the average company increased 23 percent, rising from 588 in Q1 to 724 in Q3. However, not all of these services are ready for the enterprise.
Developed in conjunction with the Cloud Security Alliance, Skyhigh’s Cloud Trust Program tracks the attributes of cloud services and ranks them according to risk. The report found that only 9.5 percent of all services met the most stringent security requirements including strong password policies and data encryption.
The report also revealed a worrying lack of conformance to the EU Data Protection Directive, particularly with regards to the transfer of personally identifiable information outside Europe. Nearly three quarters (74.3%) of the cloud services used by European organizations do not meet the requirements of the current privacy regulations, with data being sent to countries without adequate levels of data protection. With stricter policies and harsher penalties set to come into force soon, organizations have just a short window to address these issues.
Much of the adoption of cloud services still remains under the radar of IT departments, with 76 percent of IT professionals not knowing the scope of Shadow IT at their companies but want to know. As such, a key problem that IT teams face is the enforcement of an acceptable use policy.
IT personnel are often surprised when it is discovered that cloud services that they believe to have been blocked are actually being used by employees. As part of the study, Skyhigh surveyed IT professionals to understand their expected block rates for certain cloud services, and then compared this to actual block rates measured in the wild. The resulting “cloud enforcement gap’ was surprising, for example 89 percent of IT professionals intended to block Dropbox, but only 1 percent of organizations blocked the service comprehensively.
In terms of trends, the report found that 80 percent of all corporate data uploaded to the cloud is sent to just 15 percent of cloud services, which makes it easier for IT teams to prioritize security and risk analysis. The top destination for corporate data in Europe is Microsoft Office 365, followed by Salesforce. However, there’s a long tail of services below these top 15 and this is where 72.5% of the compromised accounts, insider threats and malware originate.
Finally, by digging deeper into the statistics, the report has for the first time revealed the behavior of the most “dangerous’ cloud user in Europe. This person accessed 71 high-risk cloud services and uploaded greater than 17.5GB of data in a three month period, the equivalent of 8,750 copies of War and Peace. This highlights the threat a single rogue user could pose to an organisation and its data.
The complete report is available here (registration required).