Skyhigh Networks New Report Reveals Significant Policy Enforcement Gaps and Latent Insider Threat Risks

Q3 report compares usage data from over 13 million enterprise users with perceptions of cloud security and risk

CUPERTINO, Calif. — October 21, 2014 Skyhigh Networks, the Cloud Visibility and Enablement Company, released the fifth edition of its quarterly Cloud Adoption and Risk Report. The report analyzes data from over 13 million enterprise employees across more than 350 organizations representing all industry verticals. For the first time in the report’s history, Skyhigh has partnered with the Cloud Security Alliance to compare actual usage and risk metrics with survey responses from security professionals.

The full report is available here:

“From the latest data exfiltration patterns to the fastest-growing SaaS applications, insight into cloud use allows IT to become proactive enablers of next-generation cloud services,” said Rajiv Gupta, CEO of Skyhigh Networks. “Additionally, side-by-side comparison of user behavior versus IT beliefs confirms that misperceptions exist around cloud usage, and reinforces the necessity of fact-driven decisions to guide an enterprise’s journey to the cloud.”

In addition to updates on recurring features such as the top cloud services by category, this quarter’s report yields several findings on the state of enterprise cloud use and security.

A 6x Cloud Enforcement Gap

IT often blocks cloud services that fail to meet their organization’s acceptable use policies. Due to changing cloud service URLs, inconsistent policy enforcement, and unmonitored exceptions, the cloud enforcement gap is a shocking 6x. For example, more than 50% of the enterprises intended to block Apple iCloud but the actual usage data showed that Apple iCloud was blocked in only 9% of the enterprises.

A 5x Latent Insider Threat Risk

Security professionals believe insider threat incidents are rare, with only 17% of respondents aware of an incident at their organization in the past year. The reality is 85% of companies had cloud usage activity strongly indicative of insider threat.

The Cloud 1% and the 80-20 Rule

While the average organization employed 831 cloud services, the distribution of data movement across services revealed that 80% of data uploaded to the cloud goes to just 1%, or 11, cloud services including enterprise services like Box, and consumer services like Youtube and Facebook. From a security and compliance standpoint, however, enterprises still need to focus on the long tail because services housing the remaining 20% of data account for 81.3% of anomalous activity indicative of malware, compromised account, and insider threat.

IT’s Worst Nightmare: The World’s Riskiest User

One anonymous user uploaded more than 15 GB of data to high-risk services such as Sourceforge and ZippyShare over 3 months. This individual used 182 high-risk cloud services, any one of which could have been a vector for confidential data to be inappropriately leaked or for malware to be introduced into the enterprise, thus proving that even a single employee is capable of significant damage to corporate security.

About Skyhigh Networks

Skyhigh Networks, the Cloud Visibility and Enablement Company, enables enterprises to embrace cloud services with appropriate levels of security, compliance, and governance. Over 200 enterprises including Cisco, DirecTV, Equinix, HP, and Western Union use Skyhigh to manage their “Cloud Adoption Lifecycle” with unparalleled visibility and risk assessment, usage and threat analytics, and seamless policy enforcement. Headquartered in Cupertino, Calif., Skyhigh Networks is backed by Greylock Partners and Sequoia Capital. For more information, visit us at or follow us on Twitter @skyhighnetworks.



Michelle Marin

(408) 564-0278