Cloud Apps Not Enterprise Ready

Businesses are becoming increasingly reliant on cloud apps as their usage of cloud-based systems grows. A new report by Netskope, the leader in cloud app analytics and policy enforcement, has highlighted how several apps are getting blocked by network perimeter appliances yet being granted exceptions.

The research, co-conducted by the Ponemon Institute, based their findings on aggregated, anonymised data from the Netskope Active Platform, and took in results from thousands of users between January and March 2014.

The key findings were:

• Enterprises use an average of 461 cloud applications, up from 397 in Q4 2013
• 85 percent of cloud apps are not enterprise-ready
• 90 percent of cloud app usage was in apps that were blocked at the perimeter but granted exceptions
• The top policy violation was uploading to cloud storage

Of the 461 apps being used, they discovered that a worryingly high 85 percent only scored ‘medium’ or below in the ‘Cloud Confidence Index’ – thus determining them unready for enterprise. The report also claims that IT professionals were underestimating the usage of apps in their business by as much as nine or ten times, assuming that no more than 40-50 were being deployed.

Sanjay Beri, CEO and Founder of Netskope, highlights the trend. “The writing is on the wall – enterprises are continuing to adopt cloud apps and are more invested than ever in protecting their data. We saw that enterprises who block apps with network perimeter technologies, like next-gen firewalls and secure web gateways, aren’t achieving their objectives because most of the usage is in the exceptions”.

Beri calls this phenomenon ‘exception sprawl’, and says that the lesson that businesses must take from the information is cloud usage is now an unstoppable wave that must be embraced rather than challenged. The report claims the solution to this ‘exception sprawl’ is for IT departments to leverage solutions that provide context around app usage by enacting security controls across all of the user, device and activity levels.

These security levels become even more important when it is considered what the cloud apps are most used for; the report found that the four most common activities were ‘create’, ‘edit’, ‘download’, and ‘share’ – all of which could potentially cause a headache for IT departments by potentially allowing data leakage of customer information, intellectual property or other proprietary information.

Away from the headline discoveries, the report also shed an interesting light of some of the day-to-day cloud app usage facts. The top five most used apps were Twitter, Facebook, Box, Amazon Cloud Drive and Microsoft Office 365 respectively, while Google Drive and Dropbox also featured in the top ten. It also pointed out that the top five app categories were human resources (HR), collaboration, storage, finance and accounting – which coincidentally were also the least cloud-ready (97 percent of marketing app and 94 percent of both HR and accounting apps were considered unready).

These type of reports give a useful insight, but are ultimately worthless unless stakeholders use them to instigate change.IT departments have to use the findings to realise that wholesale blocking by firewalls and secure web gateways isn’t practical and often creates a false sense of security. They need to introduce more robust, modern and effect controls to help ensure data leakage doesn’t become a threat to their business operation.

By Daniel Price