We are thrilled to release the third edition of the quarterly Skyhigh Cloud Adoption and Risk Report. The purpose of the report, as before, is to provide hard data on the actual use of cloud services within enterprises of all sizes. This report summarizes anonomized data from approximately 8.3 million users across 250 companies and 10 industries.

The key findings from the report are listed below and the full report and infographic can be downloaded here.

Use of Cloud Services is Accelerating

Data from more than 250 organizations shows that 3,571 cloud services are in use across more than 8.3 million users, as opposed to 2,675 last quarter (33% growth). 759 cloud services are in use by an organization on average, as opposed to 626 last quarter (21% growth).

Percentage of Enterprise-Ready Services is Decreasing

Of the 3,571 cloud services used, only 7% of services were Skyhigh Enterprise-Ready, meaning that they fully satisfied the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection. This is significantly down from 11% last quarter. This suggests that a majority of new cloud services used by employees are exposing organizations to risk.

Fragmented Cloud Service Use is Impeding Collaboration, Driving Greater Risks and Higher Costs

On average, an organization is using 24 different file sharing services and 91 different collaboration services. This not only impedes collaboration and leads to employee frustration, but also results in greater risk since 60% of the file sharing services used are high risk services. IT organizations have a unique opportunity to drive consolidation while continuing to offer choices to their employees.

Astonishingly, One-Third of Cloud Services Were Vulnerable to Heartbleed

Out of the 3,571 services in use, 33% (1,173) were vulnerable to the Heartbleed bug – leaving user data, passwords, and private keys open to theft. Due to the steps cloud service providers have taken to protect themselves, that number has gradually declined to less than 1%.

18% of Use is from Windows XP

Microsoft ended support for its Windows XP Operating System on April 8. For the most part, enterprises have upgraded from XP to the latest operating systems, but a significant 18% of companies had at least 1,000 devices running XP that were accessing public cloud services. The XP end-of-life event means that these devices may be unpatched and vulnerable, exposing the organizations to risk.

Malware: A Pervasive Threat

The malware problem is alive and well as 29% of organizations had anomalous cloud access indicative of malware. In addition, 16% of organizations had anomalous cloud access to services that store business critical data, introducing an even higher level of risk.

EU-Based Cloud Services: From the Frying Pan to the Fire

Given the concerns around the US Patriot Act and US government-issued blind subpoenas, there is a growing school of thought advocating the use of cloud services that are headquartered in privacy-friendly countries (i.e. EU). However, 9% of cloud services headquartered in the EU are high risk, compared to only 5% of cloud services headquartered in the US. So, while EU-based cloud services provide protection from the US Patriot Act, they do expose organizations to greater security risks.