We are thrilled to release the third edition of the quarterly Skyhigh Cloud Adoption and Risk Report. The purpose of the report, as before, is to provide hard data on the actual use of cloud services within enterprises of all sizes. This report summarizes anonomized data from approximately 8.3 million users across 250 companies and 10 industries.
The key findings from the report are listed below and the full report and infographic can be downloaded here.
Use of Cloud Services is Accelerating
Data from more than 250 organizations shows that 3,571 cloud services are in use across more than 8.3 million users, as opposed to 2,675 last quarter (33% growth). 759 cloud services are in use by an organization on average, as opposed to 626 last quarter (21% growth).
Percentage of Enterprise-Ready Services is Decreasing
Of the 3,571 cloud services used, only 7% of services were Skyhigh Enterprise-Ready, meaning that they fully satisfied the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection. This is significantly down from 11% last quarter. This suggests that a majority of new cloud services used by employees are exposing organizations to risk.
Fragmented Cloud Service Use is Impeding Collaboration, Driving Greater Risks and Higher Costs
On average, an organization is using 24 different file sharing services and 91 different collaboration services. This not only impedes collaboration and leads to employee frustration, but also results in greater risk since 60% of the file sharing services used are high risk services. IT organizations have a unique opportunity to drive consolidation while continuing to offer choices to their employees.
Astonishingly, One-Third of Cloud Services Were Vulnerable to Heartbleed
Out of the 3,571 services in use, 33% (1,173) were vulnerable to the Heartbleed bug – leaving user data, passwords, and private keys open to theft. Due to the steps cloud service providers have taken to protect themselves, that number has gradually declined to less than 1%.
18% of Use is from Windows XP
Microsoft ended support for its Windows XP Operating System on April 8. For the most part, enterprises have upgraded from XP to the latest operating systems, but a significant 18% of companies had at least 1,000 devices running XP that were accessing public cloud services. The XP end-of-life event means that these devices may be unpatched and vulnerable, exposing the organizations to risk.
Malware: A Pervasive Threat
The malware problem is alive and well as 29% of organizations had anomalous cloud access indicative of malware. In addition, 16% of organizations had anomalous cloud access to services that store business critical data, introducing an even higher level of risk.
EU-Based Cloud Services: From the Frying Pan to the Fire
Given the concerns around the US Patriot Act and US government-issued blind subpoenas, there is a growing school of thought advocating the use of cloud services that are headquartered in privacy-friendly countries (i.e. EU). However, 9% of cloud services headquartered in the EU are high risk, compared to only 5% of cloud services headquartered in the US. So, while EU-based cloud services provide protection from the US Patriot Act, they do expose organizations to greater security risks.
CASB Magic Quadrant 2019 is here – McAfee a Leader for third consecutive year
CASB RFP Template: 200+ Common Questions Enterprises Are Asking
9 Cloud Computing Security Risks Every Company Faces
Office 365 Security Concerns: Download Definitive Guide to Office 365 eBook
51 AWS Security Best Practices