Skyhigh Networks Cloud Adoption and Risk Report Uncovers Key Trends in Cloud Usage, Risks, and Malware

Third Edition of the Industry Report Analyzes Data from More than 8 Million Users Across Over 250 Organizations Accessing Thousands of Cloud Services

CUPERTINO, Calif. – May 7, 2014 Skyhigh Networks, the Cloud Visibility and Enablement company, today released the third edition of its quarterly Cloud Adoption and Risk Report. Since the first report published in September 2013, it continues to be the only industry report to analyze not only the actual usage of cloud services but also the risks they present to organizations. The full report can be found on the Skyhigh Networks website.

“With this report, we uncovered trends beyond the presence of shadow IT in the enterprise,” said Rajiv Gupta, CEO of Skyhigh Networks. “We provide real data around cloud usage, adoption of enterprise-ready services, the category of services demanded by employees, as well as malware and other vulnerabilities from these cloud services. It’s this type of data and analysis that CIOs use to maximize the value of cloud services and help drive an organized, productive, and safe movement to the cloud.”

Use of Cloud Services is Accelerating

Data from more than 250 organizations shows that 3,571 cloud services are in use across more than 8.3 million users, as opposed to 2,675 last quarter (33% growth). 759 cloud services are in use by an organization on average, as opposed to 626 last quarter (21% growth).

Percentage of Enterprise-Ready Services is Decreasing

Of the 3,571 cloud services used, only 7% of services were Skyhigh Enterprise-Ready, meaning that they fully satisfied the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection. This is significantly down from 11% last quarter. This suggests that a majority of new cloud services used by employees are exposing organizations to risk.

Fragmented Cloud Service Use is Impeding Collaboration, Driving Greater Risks and Higher Costs

On average, an organization is using 24 different file sharing services and 91 different collaboration services. This not only impedes collaboration and leads to employee frustration, but also results in greater risk since 60% of the file sharing services used are high risk services. IT organizations have a unique opportunity to drive consolidation while continuing to offer choices to their employees.

Astonishingly, One-Third of Cloud Services Were Vulnerable to Heartbleed

Out of the 3,571 services in use, 33% (1,173) were vulnerable to the Heartbleed bug – leaving user data, passwords, and private keys open to theft. Due to the steps cloud service providers have taken to protect themselves, that number has gradually declined to less than 1%.

18% of Use is from Windows XP

Microsoft ended support for its Windows XP Operating System on April 8. For the most part, enterprises have upgraded from XP to the latest operating systems, but a significant 18% of companies had at least 1,000 devices running XP that were accessing public cloud services. The XP end-of-life event means that these devices may be unpatched and vulnerable, exposing the organizations to risk.

Malware: A Pervasive Threat

The malware problem is alive and well, as 29% of organizations had anomalous cloud access indicative of malware. In addition, 16% of organizations had anomalous cloud access to services that store business critical data, introducing an even higher level of risk.

EU-Based Cloud Services: From the Frying Pan to the Fire

Given the concerns around the US Patriot Act and US government-issued blind subpoenas, there is a growing school of thought advocating the use of cloud services headquartered in privacy-friendly countries (i.e. the European Union). However, 9% of cloud services headquartered in the EU are high risk, compared to only 5% of cloud services headquartered in the US. So, while EU-based cloud services provide protection from the US Patriot Act, they do expose organizations to greater security risks.

The full report is available here:

# # #


The Skyhigh Cloud Adoption and Risk Report is based on anonymized data from more than 8.3 million users across more than 250 companies spanning ten industry verticals. The top ten and top twenty services lists are based on users of the service. The risk of each service is based on Skyhigh CloudTrust™ Program, which assigns a risk rating based on a detailed, objective, and weighted assessment of more than 50 attributes across data risk, user/device risk, service risk, business risk, and legal risk.


Skyhigh Networks, the Cloud Visibility and Enablement Company, enables companies to embrace cloud services with appropriate levels of security, compliance, and governance. The company mission is to help CIOs securely enable cloud services that drive productivity and innovation within their businesses, while lowering risk and cost. Customers including BMC Software, Cisco, Creative Artists Agency (CAA), Diebold and DirecTV use Skyhigh to manage their “Cloud Adoption Lifecycle” with unparalleled visibility, usage analytics, and policy enforcement. Headquartered in Cupertino, Calif., Skyhigh Networks is backed by Greylock Partners and Sequoia Capital. For more information, visit us at or follow us on Twitter @skyhighnetworks.


Katy Garlinghouse

Director, Corporate Communications

(408) 564-0278

Cloud report q2 2014a - resouce thumbSkyhigh Cloud Adoption & Risk Report

Get the latest version of the report