New Research Shows High Percentage Of Cloud Apps Not Enterprise Ready

New Research Shows High Percentage Of Cloud Apps Not Enterprise Ready

New Research Shows High Percentage of Cloud Apps Not Enterprise Ready

Businesses are becoming increasingly reliant on cloud apps as their usage of cloud-based systems grows. A new report by Netskope, the leader in cloud app analytics and policy enforcement, has highlighted how several apps are getting blocked by network perimeter appliances yet being granted exceptions.

The research, co-conducted by the Ponemon Institute, based their findings on aggregated, anonymised data from the Netskope Active Platform, and took in results from thousands of users between January and March 2014.

The key findings were:

  • Enterprises use an average of 461 cloud applications, up from 397 in Q4 2013
  • 85 percent of cloud apps are not enterprise-ready
  • 90 percent of cloud app usage was in apps that were blocked at the perimeter but granted exceptions
  • The top policy violation was uploading to cloud storage

Of the 461 apps being used, they discovered that a worryingly high 85 percent only scored ‘medium’ or below in the ‘Cloud Confidence Index’ – thus determining them unready for enterprise. The report also claims that IT professionals were underestimating the usage of apps in their business by as much as nine or ten times, assuming that no more than 40-50 were being deployed.

sanjay-beriSanjay Beri, CEO and Founder of Netskope, highlights the trend. “The writing is on the wall – enterprises are continuing to adopt cloud apps and are more invested than ever in protecting their data. We saw that enterprises who block apps with network perimeter technologies, like next-gen firewalls and secure web gateways, aren’t achieving their objectives because most of the usage is in the exceptions”.

Beri calls this phenomenon ‘exception sprawl’, and says that the lesson that businesses must take from the information is cloud usage is now an unstoppable wave that must be embraced rather than challenged. The report claims the solution to this ‘exception sprawl’ is for IT departments to leverage solutions that provide context around app usage by enacting security controls across all of the user, device and activity levels.

These security levels become even more important when it is considered what the cloud apps are most used for; the report found that the four most common activities were ‘create’, ‘edit’, ‘download’, and ‘share’ – all of which could potentially cause a headache for IT departments by potentially allowing data leakage of customer information, intellectual property or other proprietary information.

Away from the headline discoveries, the report also shed an interesting light of some of the day-to-day cloud app usage facts. The top five most used apps were Twitter, Facebook, Box, Amazon Cloud Drive and Microsoft Office 365 respectively, while Google Drive and Dropbox also featured in the top ten. It also pointed out that the top five app categories were human resources (HR), collaboration, storage, finance and accounting – which coincidentally were also the least cloud-ready (97 percent of marketing app and 94 percent of both HR and accounting apps were considered unready).

These type of reports give a useful insight, but are ultimately worthless unless stakeholders use them to instigate change.IT departments have to use the findings to realise that wholesale blocking by firewalls and secure web gateways isn’t practical and often creates a false sense of security. They need to introduce more robust, modern and effect controls to help ensure data leakage doesn’t become a threat to their business operation.

By Daniel Price

About Daniel Price

Daniel is a Manchester-born UK native who has abandoned cold and wet Northern Europe and currently lives on the Caribbean coast of Mexico. A former Financial Consultant, he now balances his time between writing articles for several industry-leading tech (CloudTweaks.com & MakeUseOf.com), sports, and travel sites and looking after his three dogs.

View Website
View All Articles

Sorry, comments are closed for this post.

Three Tips To Simplify Governance, Risk and Compliance

Three Tips To Simplify Governance, Risk and Compliance

Governance, Risk and Compliance Businesses are under pressure to deliver against a backdrop of evolving regulations and security threats. In the face of such challenges they strive to perform better, be leaner, cut costs and be more efficient. Effective governance, risk and compliance (GRC) can help preserve the business’ corporate integrity and protect the brand,…

Adopting A Cohesive GRC Mindset For Cloud Security

Adopting A Cohesive GRC Mindset For Cloud Security

Cloud Security Mindset Businesses are becoming wise to the compelling benefits of cloud computing. When adopting cloud, they need a high level of confidence in how it will be risk-managed and controlled, to preserve the security of their information and integrity of their operations. Cloud implementation is sometimes built up over time in a business,…

Cloud-Based Services vs. On-Premises: It’s About More Than Just Dollars

Cloud-Based Services vs. On-Premises: It’s About More Than Just Dollars

Cloud-Based Services vs. On-Premises The surface costs might give you pause, but the cost of diminishing your differentiators is far greater. Will a shift to the cloud save you money? Potential savings are historically the main business driver cited when companies move to the cloud, but it shouldn’t be viewed as a cost-saving exercise. There…

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

DDoS Attacks October 21st, 2016 went into the annals of Internet history for the large scale Distributed Denial of Service (DDoS) attacks that made popular Internet properties like Twitter, SoundCloud, Spotify and Box inaccessible to many users in the US. The DDoS attack happened in three waves targeting DNS service provider Dyn, resulting in a total of about…

Using Private Cloud Architecture For Multi-Tier Applications

Using Private Cloud Architecture For Multi-Tier Applications

Cloud Architecture These days, Multi-Tier Applications are the norm. From SharePoint’s front-end/back-end configuration, to LAMP-based websites using multiple servers to handle different functions, a multitude of apps require public and private-facing components to work in tandem. Placing these apps in entirely public-facing platforms and networks simplifies the process, but at the cost of security vulnerabilities. Locating everything…

Data Breaches: Incident Response Planning – Part 1

Data Breaches: Incident Response Planning – Part 1

Incident Response Planning – Part 1 The topic of cybersecurity has become part of the boardroom agendas in the last couple of years, and not surprisingly — these days, it’s almost impossible to read news headlines without noticing yet another story about a data breach. As cybersecurity shifts from being a strictly IT issue to…

Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

Federal Government Cloud Adoption No one has ever accused the U.S. government of being technologically savvy. Aging software, systems and processes, internal politics, restricted budgets and a cultural resistance to change have set the federal sector years behind its private sector counterparts. Data and information security concerns have also been a major contributing factor inhibiting the…

The Cancer Moonshot: Collaboration Is Key

The Cancer Moonshot: Collaboration Is Key

Cancer Moonshot In his final State of the Union address in January 2016, President Obama announced a new American “moonshot” effort: finding a cure for cancer. The term “moonshot” comes from one of America’s greatest achievements, the moon landing. If the scientific community can achieve that kind of feat, then surely it can rally around…

Protecting Devices From Data Breach: Identity of Things (IDoT)

Protecting Devices From Data Breach: Identity of Things (IDoT)

How to Identify and Authenticate in the Expanding IoT Ecosystem It is a necessity to protect IoT devices and their associated data. As the IoT ecosystem continues to expand, the need to create an identity to newly-connected things is becoming increasingly crucial. These ‘things’ can include anything from basic sensors and gateways to industrial controls…