New Research Shows High Percentage Of Cloud Apps Not Enterprise Ready

Cloud Apps Not Enterprise Ready

Businesses are becoming increasingly reliant on cloud apps as their usage of cloud-based systems grows. A new report by Netskope, the leader in cloud app analytics and policy enforcement, has highlighted how several apps are getting blocked by network perimeter appliances yet being granted exceptions.

The research, co-conducted by the Ponemon Institute, based their findings on aggregated, anonymised data from the Netskope Active Platform, and took in results from thousands of users between January and March 2014.

The key findings were:

  • Enterprises use an average of 461 cloud applications, up from 397 in Q4 2013
  • 85 percent of cloud apps are not enterprise-ready
  • 90 percent of cloud app usage was in apps that were blocked at the perimeter but granted exceptions
  • The top policy violation was uploading to cloud storage

Of the 461 apps being used, they discovered that a worryingly high 85 percent only scored ‘medium’ or below in the ‘Cloud Confidence Index’ – thus determining them unready for enterprise. The report also claims that IT professionals were underestimating the usage of apps in their business by as much as nine or ten times, assuming that no more than 40-50 were being deployed.

Sanjay Beri, CEO and Founder of Netskope, highlights the trend. “The writing is on the wall – enterprises are continuing to adopt cloud apps and are more invested than ever in protecting their data. We saw that enterprises who block apps with network perimeter technologies, like next-gen firewalls and secure web gateways, aren’t achieving their objectives because most of the usage is in the exceptions”.

Beri calls this phenomenon ‘exception sprawl’, and says that the lesson that businesses must take from the information is cloud usage is now an unstoppable wave that must be embraced rather than challenged. The report claims the solution to this ‘exception sprawl’ is for IT departments to leverage solutions that provide context around app usage by enacting security controls across all of the user, device and activity levels.

These security levels become even more important when it is considered what the cloud apps are most used for; the report found that the four most common activities were ‘create’, ‘edit’, ‘download’, and ‘share’ – all of which could potentially cause a headache for IT departments by potentially allowing data leakage of customer information, intellectual property or other proprietary information.

Away from the headline discoveries, the report also shed an interesting light of some of the day-to-day cloud app usage facts. The top five most used apps were Twitter, Facebook, Box, Amazon Cloud Drive and Microsoft Office 365 respectively, while Google Drive and Dropbox also featured in the top ten. It also pointed out that the top five app categories were human resources (HR), collaboration, storage, finance and accounting – which coincidentally were also the least cloud-ready (97 percent of marketing app and 94 percent of both HR and accounting apps were considered unready).

These type of reports give a useful insight, but are ultimately worthless unless stakeholders use them to instigate change.IT departments have to use the findings to realise that wholesale blocking by firewalls and secure web gateways isn’t practical and often creates a false sense of security. They need to introduce more robust, modern and effect controls to help ensure data leakage doesn’t become a threat to their business operation.

By Daniel Price

Bitcoin electricity
Bitcoin Heating? Bitcoin mining or cryptocurrency mining has been widely vilified for it’s environmental impact. Why it does draw a huge amount of energy, more and more of it is coming from renewable sources and ...
Frank Suglia
Managing Data Sprawl Over the last two years, our world experienced a dramatic acceleration of digital transformation. The COVID-19 pandemic upended normal operations for many businesses and shifted the pace of technology adoption into warp ...
Louis
Real-time Enterprise Software Data Enterprise software startups are capitalizing on real-time data to continually improve revenue, costs, cash flow, marketing, and sales as their business grows. The majority of software startup CEOs spoken with have ...
Jim Fagan
Subsea Connectivity Digital transformation and the migration of data and applications to the cloud is a global phenomenon. While we may like to think that the cloud knows no borders, the reality is that geopolitics ...
Episode 16: Bigger is not always better: the benefits of working with smaller cloud providers
The benefits of working with smaller cloud providers A conversation with Ryan Pollock, VP Product Marketing and Developer Relationships for Vultr.com - Everyone knows who the big players are in the cloud business. But sometimes, ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.