Risk
2/26/2014
06:45 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Netskope Survey: More Than 60 Percent Of IT's Most Security Savvy Professionals Are Either Unaware Of Their Company's Cloud App Policies Or Don't Have One

In absence of cloud app policies, more than two-thirds of attendees surveyed said they would consider their company's privacy policy before downloading an app

SAN FRANCISCO, Feb. 26, 2014 /PRNewswire/ -- RSA CONFERENCE 2014 – Today from RSA Conference USA 2014, Netskope&trade, the leader in real-time cloud app analytics and policy enforcement, announced results of a survey on information security professionals' use of cloud apps. Netskope found that despite widespread adoption of cloud apps in the enterprise, most IT security professionals are either unaware of their company's cloud app policy or don't have one. In the absence of cloud app policies, more than two-thirds of attendees surveyed said they would consider their company's privacy policy before downloading an app.

As cloud apps proliferate in the enterprise, the security and privacy risks associated with use of these apps at work is on the rise. According to the recent Netskope Cloud Report, the typical enterprise is using 397 apps, or as much as 10 times the number that IT typically has within its purview. Furthermore, 77% of cloud apps are not enterprise-ready, leaving IT with the challenge of securing these apps and putting policies in place to guide their use.

"It's not surprising to see that although cloud app usage has caught on in the enterprise, the majority of companies are behind on establishing clear policies and guidelines, and as a result employees are in the dark about the implications of their app usage," said Sanjay Beri, founder and CEO, Netskope. "With the amazing benefits that cloud apps bring, enterprises also shoulder significant risks that can no longer be ignored. We expect to see cloud app analytics and policy implementation become a top priority in the coming months as businesses look to optimize their usage of cloud apps with an eye on both agility and security."

The survey – which provides a snapshot of user and corporate practices among a sample of RSA attendees – offered up these conclusions:

Policies Lag Despite Growing Cloud App Adoption in the Enterprise

Although enterprises have more cloud apps in use by employees than ever before, 44% of those surveyed said their company doesn't have a cloud app policy in place. Furthermore, 17% of employees are unaware if their company has a policy.

Employees Want to Consider Company Policy Before Using a Cloud App

Despite the rise of unsanctioned cloud apps in the enterprise, also called "Shadow IT," the majority of respondents take into consideration their company privacy policy before signing up for a cloud app account. Seventy percent of those surveyed said they consider the rules before browsing or hitting the app store, which is good news for companies that have policies in place.

Storage and Consumer Apps are perceived as IT No-No's

When asked about the top apps they do not want IT to know about, respondents said that storage and consumer apps are top of mind. The top three apps they want to keep off IT's radar are:

1. Dropbox (Storage)

2. Twitter (Consumer)

3. Facebook (Consumer)

Netskope helps enterprises identify cloud app usage and enforce policies that protect sensitive information and prevent data loss by giving IT the real-time visibility, deep analytics, and policy enforcement needed to confidently embrace cloud computing. Netskope's solution enables enterprises to improve compliance with data governance rules across industries while supporting the use of cloud apps that enable employees to get their jobs done. For more information visit: http://www.netskope.com/product/.

Survey Methodology

Live interviews were conducted with 120 RSA USA Conference attendees between February 24 and February 25, 2014.

Find Netskope at RSA:

SESSION:

Let Your Users Go Rogue

DATE:

Thursday, February 27 at 10:40 a.m. PT

LOCATION:

Moscone Center, San Francisco

SPEAKERS:

Sanjay Beri, CEO, Netskope (moderator)

Alan Boehme, chief of enterprise architecture, business innovation and emerging technologies, The Coca-Cola Company

Arthur Lessard, senior vice president and chief information security officer, Universal Music Group

Mike Kail, vice president of IT operations, Netflix

OVERVIEW:

Shadow IT is scary! But maybe letting people "go rogue" is a good thing. Join industry thought leaders for a contrarian viewpoint and lively discussion on how to let people use their favorite cloud apps while protecting corporate networks and sensitive data from threats. Learn how they're using big data to gain security visibility and come away with practical advice for enforcing cloud policies.

About Netskope

Netskope&trade is the leader in cloud app analytics and policy enforcement. Only Netskope eliminates the catch-22 between being agile and being secure and compliant by providing complete visibility, enforcing sophisticated policies, and protecting data in cloud apps. The Netskope Active Platform&trade performs deep analytics and lets decision-makers create policies in a few clicks that prevent the loss of sensitive data and optimize cloud app usage in real-time and at scale, whether IT manages the app or not. With Netskope, people get their favorite cloud apps and the business can move fast, with confidence.Netskope is headquartered in Los Altos, California. Visit us at www.netskope.com and follow us on Twitter @Netskope.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0619
Published: 2014-10-23
Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory.

CVE-2014-2230
Published: 2014-10-23
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.

CVE-2014-7281
Published: 2014-10-23
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.

CVE-2014-7292
Published: 2014-10-23
Open redirect vulnerability in the Click-Through feature in Newtelligence dasBlog 2.1 (2.1.8102.813), 2.2 (2.2.8279.16125), and 2.3 (2.3.9074.18820) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to ct.ashx.

CVE-2014-8071
Published: 2014-10-23
Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5) comment parameter to all...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.