Skyhigh Networks, the cloud access security company, today released the Cloud Adoption and Risk Report, the first industry report to analyze not only the actual usage of cloud services but also the risks they present to organizations. The full report is available on the Skyhigh website.
Even as headlines focus on the National Security Agency (NSA) controversy, the Cloud Adoption and Risk Report reveals that organizations lack the information to understand and mitigate a broader set of risks posed by the use of cloud services.
“What we are seeing from this report is that there are no consistent policies in place to manage the security, compliance, governance, and legal risks of cloud services,” said Rajiv Gupta, founder and CEO at Skyhigh Networks. “Our cloud usage analytics suggest that enterprises are taking action on the popular cloud services they know of and not on the cloud services that pose the greatest risk to their organization. Lack of visibility into the use and risk seem to be crux of the problem.”
Cloud is the New Wild Wild West
Data from more than 100 organizations suggests broad and rampant use of cloud services.
• 2,204 cloud services are in use across 3 million users across financial services, healthcare, high tech, manufacturing, media and services industries.
• 545 cloud services are in use by an organization on average, and the highest number of cloud services used by an organization is 1,769.
It’s Not a Popularity Contest - It’s Risky Business
Corporate security measures are based on concerns related to productivity and bandwidth, or on the familiarity with the service as opposed to the risk of the services.
• Low-risk services are blocked 40 percent more than high-risk services.
• At 9 percent, tracking is the least blocked cloud service category despite the fact that it delivers zero business benefit and exposes organizations to watering hole attacks.
• Among the top 100 services used, the top 10 blocked services in use are Netflix, Foursquare, Apple iCloud, Gmail, Skype, Amazon Web Services, Batanga, Dropbox, KISSmetrics, and PhotoBucket.
Cloud-based Code Repositories Gain Momentum - Develop Responsibly
In the development cloud service category, cloud-based repositories have gained momentum.
• The shift to open source cloud-based code repositories presents security challenges as some sites are known to host malicious backdoors.
• GitHub is blocked 21 percent of the time but Codehaus, a high-risk service, is blocked only 1 percent of the time.
• The top 10 development services in use are MSDN, GitHub, SourceForge, Atlassian OnDemand, Apple Developer, Zend Server, HortonWorks Data Platform, CollabNet, Force.com, Apache Maven, and CodeHaus.
Microsoft A Not-So-Sleeping Giant
While Microsoft may be falling out of favor with new users, it is too early to count it out.
• The 3rd most widely used file sharing cloud service is SkyDrive
• The software giant dominates in collaboration with Office 365, Skype and Yammer in the top 10 of the most widely used services in this category.
• The top 10 collaboration services in use are Office 365, Cisco WebEx, Gmail, Google Apps, Skype, Yahoo! Mail, AOL, Slideshare, Evernote, and Yammer.
File Sharing Side Effects Risk and Confusion
File sharing is widely used and the most misunderstood category by IT professionals.
• 19 file sharing cloud services are used by an organization on average, which impedes collaboration and increases security and compliance risks.
• 4 of the top most used file sharing services are high-risk.
• Box, the lowest risk file sharing service, is blocked 35 percent of the time, but Rapidgator, a high-risk service, is blocked only 1 percent of the time.
• The top 10 file sharing services in use are Dropbox, Google Drive, SkyDrive, Box, Hightail, CloudApp, Sharefile, Rapidgator, Zippyshare, and Uploaded.
About The Cloud Adoption and Risk Report
The Cloud Adoption and Risk Report is based on data from more than 3 million users across more than 100 companies spanning financial services, healthcare, high technology, manufacturing, media and services industries. The top 10 services are based on the number of users of the service. The risk of each service is based on Skyhigh CloudRiskTM, which assigns a 1-to-10 risk rating based on detailed, objective and weighted assessment of more than 30 attributes across data risk, user risk, device risk, service risk, business risk and legal risk.
About Skyhigh Networks
Skyhigh Networks (skyhighnetworks.com), the cloud access security company, enables companies to embrace cloud services with appropriate levels of security, compliance, and governance while lowering overall risk and cost. With customers in financial services, professional services, healthcare, high technology, media and entertainment, manufacturing, and legal verticals, the company was a finalist for the RSA Conference 2013 Most Innovative Company award and was recently named a “Cool Vendor” by Gartner, Inc. Headquartered in Cupertino, Calif., Skyhigh Networks is led by an experienced team and is venture-backed by Greylock Partners and Sequoia Capital.