CAMPBELL, Calif. — February 11, 2015 – Skyhigh Networks, the Cloud Security and Enablement Company, released today the latest quarterly Cloud Adoption and Risk Report. This report analyzes actual cloud usage data from over 15 million enterprise employees across 350 enterprises. Although the study found a record high percentage of cloud applications with enterprise-ready security capabilities, risks associated with shadow IT persist. These risks include use of cloud services that don’t encrypt data at rest, external sharing of sensitive corporate data, and compromised credentials. With a full year of usage statistics, this latest edition of the report is the industry’s most comprehensive to date.
The full report is available here: https://www.skyhighnetworks.com/cloud-report/
“2014 will go down as the year of the cloud’s arrival as a fundamental tool for the Global 5000 enterprise,” said Kamal Shah, VP of Products and Marketing at Skyhigh Networks. “The average employee uses 27 cloud services, many of which represent unsanctioned or shadow IT and highlight the growing risk and opportunity for IT teams to securely enable cloud services within their organizations.”
In addition to updates on recurring features such as the top cloud services by category, this quarter’s report provides annual statistics for 2014.
The Average Number of Cloud Services in Use Increased 43%
The average company had 897 cloud services in use in Q4, up from 626 in Q4 last year. This growth was lopsided across categories. Development services (e.g. GitHub, SourceForce, etc.) experienced the largest rate of growth at 97%. The second fastest-growing category is collaboration (e.g. Microsoft Office 365, Gmail, etc.), which grew 53% despite already having a high number of services in use.
The Number of CSPs with Enterprise Security Capabilities Doubled
The number of cloud service providers investing in key security capabilities more than doubled in 2014. Specifically, 1,082 (11% of all services) encrypt data at rest versus 470 in Q4 2013, 1,459 (17%) offer multi-factor authentication versus 705 in Q4 2013, and 533 (5%) hold ISO 27001 certification versus 188 in Q4 2013. At the same time, over 89% of the cloud services lack basic security capabilities required by enterprises.
Over One Third of Employees Upload Sensitive Data to File Sharing Services
37% of employees upload sensitive data to file sharing services, and 22% of all files uploaded to file sharing services contained sensitive data. Beyond file sharing, 4% of fields in other critical business applications such as CRM contain sensitive personally identifiable information (PII) or personal health information (PHI) data subject to regulatory compliance.
One Tenth of Corporate File Sharing Is External
Analyzing the use of file sharing and collaboration services revealed that 11% of documents were shared with business partners outside the company. Of externally shared documents, 9% contained sensitive data. Even more concerning was the fact that 18% of external collaboration requests went to third party email addresses (e.g. Gmail, Hotmail, and Yahoo! Mail).
92% of Companies Have Compromised Credentials
The vast majority of companies have users with at least one stolen credential and the average company had 12% of users affected. The most exposed industries are Real Estate, High Tech, and Utilities, while the least exposed are Government and Healthcare. With 31% of passwords reused across websites and applications, stolen login credentials pose significant risk to corporate data.
About Skyhigh Networks
Skyhigh Networks, the Cloud Visibility and Enablement Company, enables enterprises to embrace cloud services with appropriate levels of security, compliance, and governance. Over 350 enterprises including Cisco, DIRECTV, Equinix, HPE, and Western Union use Skyhigh to manage their “Cloud Adoption Lifecycle” with unparalleled visibility and risk assessment, usage and threat analytics, and seamless policy enforcement. Headquartered in Campbell, Calif., Skyhigh Networks is backed by Greylock Partners and Sequoia Capital. For more information, visit us at www.skyhighnetworks.com or follow us on Twitter @skyhighnetworks.