The Pareto Principle, better known as the 80-20 rule, applies to many areas of life. It’s said, for instance, that 80% of results spring from 20% of the effort. The rule was first recognized by economist Vilfredo Pareto who found in 1906 that 80% of land in Italy was owned by 20% of its citizens. With a land grab happening for new software markets hosted in the cloud, we wanted to revisit this classic phenomenon to see if it still applies today. What we found is that it’s even more extreme, with 80% of data uploaded to the cloud going to less than 1% of cloud services.
In Skyhigh’s latest Cloud Adoption & Risk Report, we looked at anonymized usage data for 13 million users at over 350 companies worldwide. We found that 80% of data uploaded to the cloud is uploaded to just 11 cloud services, out of over 8,000 cloud services available globally. The services on the list are a mix of enterprise and consumer services.
Some of them are known for storing or transferring rich media such as YouTube, Cisco WebEx, Facebook, and Apple iCloud. Others are file sharing and collaboration services including Box, Dropbox, Microsoft Office 365, Jive, and Google Drive. Box has made significant inroads in the enterprise in recent years, and counts some of the largest companies in the world as customers. But it’s still surprising that almost a quarter of all data went to Box. This makes sense given that companies have migrated their entire file storage to Box away from traditional file servers.
Considering that most data is in just a handful of cloud services, you might think that IT doesn’t need to worry about shadow IT. However, there’s another 80-20 rule when it comes to the cloud. We also found that 81.3% of anomalous activity that’s indicative of malware, compromised accounts, and insider threats occurs in the long tail of cloud services that store 20% of the data. You need to focus security efforts on those services as well. There are no shortcuts when it comes to cloud security.