Between headlines from the latest stories on data breaches and the hottest new apps on the block, it’s easy to be captivated with what people are saying, blogging, and tweeting about the state of cloud adoption and security. But let’s face it: It’s hard to separate the hype from the truth, and stories about security can range from hyperbolic to accurately frightening.
The fifth installment of our quarterly Cloud Adoption and Risk (CAR) Report presents a data-based analysis of enterprise cloud usage. With cloud usage data from over 13 million enterprise employees and 350 organizations spanning all major verticals, the report is the industry’s most comprehensive and authoritative source of information on how employees are using cloud services. For the first time in the report’s history, we’ve partnered with the Cloud Security Alliance to gather IT managers’ perceptions on cloud adoption and risk and compare their perceptions with hard data. The results reveal a disparity between perception of enterprise cloud use and reality.
You can download the full report here. In addition to popular recurring features such as the Top 20 Enterprise Cloud Services and the Ten Fastest-Growing Applications, the latest report contains several shocking findings. View the slideshow below for more highlights from the report.
Mind the Cloud Enforcement Gap
IT often blocks cloud services that fail to meet their organization’s acceptable use policies. Due to changing cloud service URLs, inconsistent policy enforcement, and unmonitored exceptions, the cloud enforcement gap is a shocking 6x. For example, more than 50% of the enterprises intended to block Apple iCloud, but actual usage data showed iCloud was blocked in only 9% of the enterprises.
Don’t Underestimate Insider Threat
Security professionals believe insider threat incidents are rare, with only 17% of respondents aware of an incident at their organization in the past year. The reality is 85% of companies had cloud usage activity strongly indicative of insider threat.
The Cloud 1% and the 80-20 Rule
While the average organization employed 831 cloud services, the distribution of data revealed that 80% of data uploaded to the cloud goes to just 11 cloud services – less than 1% of the total number. Still, enterprises can’t ignore other cloud services: The remaining 20% of data account for 81.3% of anomalous activity indicative of malware, compromised account, and insider threat.
IT’s Worst Nightmare: The World’s Riskiest User
One anonymous user uploaded more than 15 GB of data to high-risk services such as Sourceforge and ZippyShare over 3 months. This individual used 182 high-risk cloud services, any one of which could have been a vector for confidential data to be inappropriately leaked or for malware to be introduced into the enterprise, thus proving that even a single employee is capable of significant damage to corporate security.