Between frequent headlines on data breaches and the growth of Shadow IT, it is easy to be captivated with what people are saying, blogging, and tweeting about the state of cloud adoption and security. But the fact is – it’s hard to separate the hype from the truth, and stories about security are often rich in speculation or exaggeration.
The sixth installment of our quarterly Cloud Adoption and Risk (CAR) Report presents a hard data-based analysis of enterprise cloud usage. With cloud usage data from over 15 million enterprise employees and 350 enterprises spanning all major verticals, this report is the industry’s most comprehensive and authoritative source of information on how employees are using cloud services. And, with a full year of usage statistics, this latest edition of the report is the industry’s most comprehensive to date.
You can download the full report here. In addition to popular recurring features such as the Top 20 Enterprise Cloud Services and the Ten Fastest-Growing Applications, the latest report contains several eye-opening findings. View the slideshow below for more highlights from the report.
The Average Number of Cloud Services in Use Increased 43%
The average company had 897 cloud services in use in Q4, up from 626 in Q4 last year. This growth was lopsided across categories. Development services (e.g. GitHub, SourceForce, etc.) experienced the largest rate of growth at 97%. The second fastest-growing category is collaboration (e.g. Microsoft Office 365, Gmail, etc.), which grew 53% despite already having a high number of services in use.
The Number of CSPs with Enterprise Security Capabilities Doubled
The number of cloud service providers investing in key security capabilities more than doubled in 2014. Specifically, 1,082 (11% of all services) now encrypt data at rest versus 470 in Q4 2013, 1,459 (17%) offer multi-factor authentication versus 705 in Q4 2013, and 533 (5%) hold ISO 27001 certification versus 188 in Q4 2013. At the same time, over 89% of the cloud services lack basic security capabilities required by enterprises.
Over One Third of Employees Upload Sensitive Data to File Sharing Services
37% of employees upload sensitive data to file sharing services, and 22% of all files uploaded to file sharing services contained sensitive data. Beyond file sharing, 4% of fields in other critical business applications such as CRM contain sensitive personally identifiable information (PII) or personal health information (PHI) data subject to regulatory compliance.
One Tenth of Corporate File Sharing Is External
Analyzing the use of file sharing and collaboration services revealed that 11% of documents were shared with business partners outside the company. Of externally shared documents, 9% contained sensitive data. Even more concerning was the fact that 18% of external collaboration requests went to third party email addresses (e.g. Gmail, Hotmail, and Yahoo! Mail).
92% of Companies Have Compromised Credentials
The vast majority of companies have users with at least one stolen credential, and the average company had 12% of users affected. The most exposed industries are Real Estate, High Tech, and Utilities, while the least exposed are Government and Healthcare. With 31% of passwords reused across websites and applications, stolen login credentials pose significant risk to corporate data.