Skyhigh Networks analyzed actual cloud usage data from over 15 million enterprise employees across 350 enterprises. Although they found a record high percentage of cloud applications with enterprise-ready security capabilities, risks associated with shadow IT persist. These risks include the use of cloud services that don’t encrypt data at rest, external sharing of sensitive corporate data, and compromised credentials.
The average number of cloud services in use increased 33 percent
The average European company had 782 cloud services in use in Q4 2014, up from 588 in Q1 2014. This growth was lopsided across categories. Collaborations services (e.g. Microsoft Office 365, Gmail, etc.) experienced the largest rate of growth in Europe at 99 percent. Development services (e.g. GitHub, SourceForce, etc.) were the second fastest-growing category, 62 percent.
The number of CSPs with enterprise security capabilities doubled
The number of cloud service providers investing in key security capabilities more than doubled in 2014. Specifically, 1,082 (11 percent of all services) encrypt data at rest versus 470 in Q4 2013, 1,459 (17 percent) offer multi-factor authentication versus 705 in Q4 2013, and 533 (5 percent) hold ISO 27001 certification versus 188 in Q4 2013.
Over one third of employees upload sensitive data to file sharing services
33 percent of employees upload sensitive data to file sharing services, and 22 percent of all files uploaded to file sharing services contained sensitive data. Beyond file sharing, 4 percent of fields in other critical business applications such as CRM contain sensitive personally identifiable information (PII) or personal health information (PHI) data subject to regulatory compliance.
One tenth of corporate file sharing is external
Analyzing the use of file sharing and collaboration services revealed that 10 percent of documents were shared with business partners outside the company. Of externally shared documents, 2 percent contained sensitive data. Even more concerning was the fact that 18 percent of external collaboration requests went to third party email addresses (e.g. Gmail, Hotmail, and Yahoo! Mail).
92 percent of companies have compromised credentials
The vast majority of companies have users with at least one stolen credential and the average company had 12 percent of users affected. The most exposed industries are Real Estate, High Tech, and Utilities, while the least exposed are Government and Healthcare. With 31 percent of passwords reused across websites and applications, stolen login credentials pose significant risk to corporate data.