It looks like there is a major disconnect between businesses and their cloud usage and what cloud services providers are reporting.
The Cloud Security Alliance (CSA) released the results of a new survey that found a significant difference between the numbers of cloud-based applications IT and security professionals believe to be running in their environments, and the number reported by cloud application vendors.
Among other things, the survey found that 54 per cent of IT and security professionals said they have 10 or fewer cloud-based applications running in their organization, with 87 per cent indicating that they had 50 or fewer applications running in the cloud (with a weighted average of 23 apps per organization). These estimates are far lower than commonly reported by vendors and research reports, which count more than 500 cloud apps present, on average, per enterprise.
Recently IDC Canada reported that 17 per cent of lines of business have rogue IT in their departments.
Jim Reavis, CEO of the CSA, said these results are particularly interesting and at the same time concerning.
“It’s hard to control what you can’t see. If you are only seeing one tenth of your actual cloud usage, it’s impossible to put cloud policies in place to protect users and data. This tells us that cloud app discovery tools, along with analytical tools on cloud app policy use and restrictions, are very important in the workplace, especially when it comes to sensitive data being used by cloud applications,” he said.
The survey is called Cloud Usage: Risks and Opportunities. The CSA, based in San Jose, Calif., said the aim of the survey was to gain insight and understand the perceptions of how enterprises are using cloud apps, what kinds of data is moving to and through those apps, and what that means in terms of risk.
The survey includes responses from IT and security professionals from around the world. They represent various industry verticals and enterprise sizes.
The survey was sponsored by Netskope, a safe cloud enablement organization and Okta, an enterprise-grade identity management service.
On the positive side, for known cloud apps, the vast majority of respondents report having policies and procedures in place to protect data and ensure compliance, and most report that those policies are well-enforced. When looking at the most protected cloud apps, nearly 80 per cent of policy enforcement is in cloud storage and cloud backup, indicating serious concerns about data leakage and protection.
In addition, more than 50 per cent of the respondents reported having a policy addressing bring-your-own-device (BYOD) and a further 80 per cent believe it is at least somewhat followed.
The CSA is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing.