Risk
2/26/2014
06:45 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Netskope Survey: More Than 60 Percent Of IT's Most Security Savvy Professionals Are Either Unaware Of Their Company's Cloud App Policies Or Don't Have One

In absence of cloud app policies, more than two-thirds of attendees surveyed said they would consider their company's privacy policy before downloading an app

SAN FRANCISCO, Feb. 26, 2014 /PRNewswire/ -- RSA CONFERENCE 2014 – Today from RSA Conference USA 2014, Netskope&trade, the leader in real-time cloud app analytics and policy enforcement, announced results of a survey on information security professionals' use of cloud apps. Netskope found that despite widespread adoption of cloud apps in the enterprise, most IT security professionals are either unaware of their company's cloud app policy or don't have one. In the absence of cloud app policies, more than two-thirds of attendees surveyed said they would consider their company's privacy policy before downloading an app.

As cloud apps proliferate in the enterprise, the security and privacy risks associated with use of these apps at work is on the rise. According to the recent Netskope Cloud Report, the typical enterprise is using 397 apps, or as much as 10 times the number that IT typically has within its purview. Furthermore, 77% of cloud apps are not enterprise-ready, leaving IT with the challenge of securing these apps and putting policies in place to guide their use.

"It's not surprising to see that although cloud app usage has caught on in the enterprise, the majority of companies are behind on establishing clear policies and guidelines, and as a result employees are in the dark about the implications of their app usage," said Sanjay Beri, founder and CEO, Netskope. "With the amazing benefits that cloud apps bring, enterprises also shoulder significant risks that can no longer be ignored. We expect to see cloud app analytics and policy implementation become a top priority in the coming months as businesses look to optimize their usage of cloud apps with an eye on both agility and security."

The survey – which provides a snapshot of user and corporate practices among a sample of RSA attendees – offered up these conclusions:

Policies Lag Despite Growing Cloud App Adoption in the Enterprise

Although enterprises have more cloud apps in use by employees than ever before, 44% of those surveyed said their company doesn't have a cloud app policy in place. Furthermore, 17% of employees are unaware if their company has a policy.

Employees Want to Consider Company Policy Before Using a Cloud App

Despite the rise of unsanctioned cloud apps in the enterprise, also called "Shadow IT," the majority of respondents take into consideration their company privacy policy before signing up for a cloud app account. Seventy percent of those surveyed said they consider the rules before browsing or hitting the app store, which is good news for companies that have policies in place.

Storage and Consumer Apps are perceived as IT No-No's

When asked about the top apps they do not want IT to know about, respondents said that storage and consumer apps are top of mind. The top three apps they want to keep off IT's radar are:

1. Dropbox (Storage)

2. Twitter (Consumer)

3. Facebook (Consumer)

Netskope helps enterprises identify cloud app usage and enforce policies that protect sensitive information and prevent data loss by giving IT the real-time visibility, deep analytics, and policy enforcement needed to confidently embrace cloud computing. Netskope's solution enables enterprises to improve compliance with data governance rules across industries while supporting the use of cloud apps that enable employees to get their jobs done. For more information visit: http://www.netskope.com/product/.

Survey Methodology

Live interviews were conducted with 120 RSA USA Conference attendees between February 24 and February 25, 2014.

Find Netskope at RSA:

SESSION:

Let Your Users Go Rogue

DATE:

Thursday, February 27 at 10:40 a.m. PT

LOCATION:

Moscone Center, San Francisco

SPEAKERS:

Sanjay Beri, CEO, Netskope (moderator)

Alan Boehme, chief of enterprise architecture, business innovation and emerging technologies, The Coca-Cola Company

Arthur Lessard, senior vice president and chief information security officer, Universal Music Group

Mike Kail, vice president of IT operations, Netflix

OVERVIEW:

Shadow IT is scary! But maybe letting people "go rogue" is a good thing. Join industry thought leaders for a contrarian viewpoint and lively discussion on how to let people use their favorite cloud apps while protecting corporate networks and sensitive data from threats. Learn how they're using big data to gain security visibility and come away with practical advice for enforcing cloud policies.

About Netskope

Netskope&trade is the leader in cloud app analytics and policy enforcement. Only Netskope eliminates the catch-22 between being agile and being secure and compliant by providing complete visibility, enforcing sophisticated policies, and protecting data in cloud apps. The Netskope Active Platform&trade performs deep analytics and lets decision-makers create policies in a few clicks that prevent the loss of sensitive data and optimize cloud app usage in real-time and at scale, whether IT manages the app or not. With Netskope, people get their favorite cloud apps and the business can move fast, with confidence.Netskope is headquartered in Los Altos, California. Visit us at www.netskope.com and follow us on Twitter @Netskope.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-3304
Published: 2014-10-30
Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.

CVE-2013-7409
Published: 2014-10-30
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.

CVE-2014-3446
Published: 2014-10-30
SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter.

CVE-2014-3584
Published: 2014-10-30
The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.

CVE-2014-3623
Published: 2014-10-30
Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vect...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.