According to a recent Cloud Security Alliance survey, 61% of large companies have a cloud governance policy. That policy often includes what cloud services employees are permitted to use at work and what data can go to those cloud services. While many companies have a security awareness training program in place to educate employees on these policies, they are also taking additional steps to block access to certain applications. But just how effectively are organizations enforcing these access policies?

Mind the Gap

Not very well at all, it turns out. In conjunction with the Cloud Security Alliance we surveyed IT professionals from over 200 organizations to understand what cloud services they intend to block based on policy. We asked about a range of well-know cloud services from Facebook to Apple iCloud. Next, we measured the actual block rates in the wild. By comparing the two, we found there’s a significant “cloud enforcement gap” between what IT intends to block and actual block rates.

Working with individual companies, we’ve identified 3 main causes of the enforcement gap:

  • Cloud services regularly introduce new URLs and domains that are not yet blocked
  • Access policies are not standardized across all firewalls and proxies at branch offices
  • Certain groups in the company get an exception to use a service and these exceptions are often more broadly applied than intended
cloud enforcement gap 600

The enforcement gap is highest for Dropbox at 59 percent, followed by Instagram (44 percent), Tumblr (42 percent), and Apple iCloud (41 percent). While it’s debatable whether some of these services need to be blocked or not, they illustrate that companies are not able to enforce access policies as consistently as they may think. These policies are meant to protect the company and its data. Companies need to tighten policy enforcement to meet their security and compliance requirements.

To learn more about the cloud enforcement gap, the top 20 cloud services, and other cloud statistics, download the Cloud Adoption and Risk Report below.

Cloud Adoption & Risk Report Q3 2014

Based on data from over 13 million users, the definitive resource on cloud usage trends and risks.

Download Now