Risk
2/26/2014
06:45 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Netskope Survey: More Than 60 Percent Of IT's Most Security Savvy Professionals Are Either Unaware Of Their Company's Cloud App Policies Or Don't Have One

In absence of cloud app policies, more than two-thirds of attendees surveyed said they would consider their company's privacy policy before downloading an app

SAN FRANCISCO, Feb. 26, 2014 /PRNewswire/ -- RSA CONFERENCE 2014 – Today from RSA Conference USA 2014, Netskope&trade, the leader in real-time cloud app analytics and policy enforcement, announced results of a survey on information security professionals' use of cloud apps. Netskope found that despite widespread adoption of cloud apps in the enterprise, most IT security professionals are either unaware of their company's cloud app policy or don't have one. In the absence of cloud app policies, more than two-thirds of attendees surveyed said they would consider their company's privacy policy before downloading an app.

As cloud apps proliferate in the enterprise, the security and privacy risks associated with use of these apps at work is on the rise. According to the recent Netskope Cloud Report, the typical enterprise is using 397 apps, or as much as 10 times the number that IT typically has within its purview. Furthermore, 77% of cloud apps are not enterprise-ready, leaving IT with the challenge of securing these apps and putting policies in place to guide their use.

"It's not surprising to see that although cloud app usage has caught on in the enterprise, the majority of companies are behind on establishing clear policies and guidelines, and as a result employees are in the dark about the implications of their app usage," said Sanjay Beri, founder and CEO, Netskope. "With the amazing benefits that cloud apps bring, enterprises also shoulder significant risks that can no longer be ignored. We expect to see cloud app analytics and policy implementation become a top priority in the coming months as businesses look to optimize their usage of cloud apps with an eye on both agility and security."

The survey – which provides a snapshot of user and corporate practices among a sample of RSA attendees – offered up these conclusions:

Policies Lag Despite Growing Cloud App Adoption in the Enterprise

Although enterprises have more cloud apps in use by employees than ever before, 44% of those surveyed said their company doesn't have a cloud app policy in place. Furthermore, 17% of employees are unaware if their company has a policy.

Employees Want to Consider Company Policy Before Using a Cloud App

Despite the rise of unsanctioned cloud apps in the enterprise, also called "Shadow IT," the majority of respondents take into consideration their company privacy policy before signing up for a cloud app account. Seventy percent of those surveyed said they consider the rules before browsing or hitting the app store, which is good news for companies that have policies in place.

Storage and Consumer Apps are perceived as IT No-No's

When asked about the top apps they do not want IT to know about, respondents said that storage and consumer apps are top of mind. The top three apps they want to keep off IT's radar are:

1. Dropbox (Storage)

2. Twitter (Consumer)

3. Facebook (Consumer)

Netskope helps enterprises identify cloud app usage and enforce policies that protect sensitive information and prevent data loss by giving IT the real-time visibility, deep analytics, and policy enforcement needed to confidently embrace cloud computing. Netskope's solution enables enterprises to improve compliance with data governance rules across industries while supporting the use of cloud apps that enable employees to get their jobs done. For more information visit: http://www.netskope.com/product/.

Survey Methodology

Live interviews were conducted with 120 RSA USA Conference attendees between February 24 and February 25, 2014.

Find Netskope at RSA:

SESSION:

Let Your Users Go Rogue

DATE:

Thursday, February 27 at 10:40 a.m. PT

LOCATION:

Moscone Center, San Francisco

SPEAKERS:

Sanjay Beri, CEO, Netskope (moderator)

Alan Boehme, chief of enterprise architecture, business innovation and emerging technologies, The Coca-Cola Company

Arthur Lessard, senior vice president and chief information security officer, Universal Music Group

Mike Kail, vice president of IT operations, Netflix

OVERVIEW:

Shadow IT is scary! But maybe letting people "go rogue" is a good thing. Join industry thought leaders for a contrarian viewpoint and lively discussion on how to let people use their favorite cloud apps while protecting corporate networks and sensitive data from threats. Learn how they're using big data to gain security visibility and come away with practical advice for enforcing cloud policies.

About Netskope

Netskope&trade is the leader in cloud app analytics and policy enforcement. Only Netskope eliminates the catch-22 between being agile and being secure and compliant by providing complete visibility, enforcing sophisticated policies, and protecting data in cloud apps. The Netskope Active Platform&trade performs deep analytics and lets decision-makers create policies in a few clicks that prevent the loss of sensitive data and optimize cloud app usage in real-time and at scale, whether IT manages the app or not. With Netskope, people get their favorite cloud apps and the business can move fast, with confidence.Netskope is headquartered in Los Altos, California. Visit us at www.netskope.com and follow us on Twitter @Netskope.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web