Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News

2/3/2015
09:22 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

CipherCloud Report Identifies over 1,100 Cloud Applications in Use by Companies, 86 Percent of Cloud Applications are 'Shadow IT'

North American and European companies use on average 1,245 and 981 applications, respectively

SAN JOSE, Calif., Feb. 3, 2015 /PRNewswire/ -- As cloud computing re-charts the path of enterprise IT, organizations are vastly underestimating the level of shadow IT in their cloud ecosystems. CipherCloud, a leader in cloud security, today unveils the results of the industry's first comprehensive study of cloud usage and risks from 2014, compiled from enterprise users in North America and Europe.

The "Cloud Adoption & Risk Report in North America & Europe - 2014 Trends" draws insight from CipherCloud's millions of users from its market leading customers and its extensive CloudSource(TM) knowledge base to shed light on enterprise cloud usage, risks and regional geo-specific trends. This report includes anonymized data of cloud user activity collected for the full 2014 calendar year, spanning thousands of cloud applications.

With faster time to market, massive economy of scale, and unparalleled agility, the cloud is entering enterprises at an unprecedented rate. As a result, hundreds of high risk cloud applications are commonly used across North American and European organizations.

Key Findings from the extensive study of North American and European firms in 2014.

  • The average global enterprise utilizes over 1,100 cloud applications: Our study found widespread cloud adoption across North America and Europe. In our 2014 data, a typical North America enterprise used over 1,245 cloud applications while those in Europe used 981 applications on average.
  • 86% of cloud applications used by enterprises are unsanctioned "Shadow IT": Our study found that enterprises vastly underestimate the extent of shadow IT cloud applications used by their organizations. Various media sources claim 10% to 50% of cloud apps are not visible to IT. Our statistics show that on average 86% of cloud applications are unsanctioned. For example, a major US enterprise estimated 10-15 file sharing applications were in use, but discovered almost 70.
  • Publishing, Social, and Career Clouds are 2014's most risky cloud categories: Our research rated 52% of applications in Publishing applications as high risk. Similarly, 42% in Social and 40% in Career clouds are rated as high risk. These three represent the highest risk across all cloud applications.
  • Europe is narrowing the gap of cloud adoption to North America: Contrary to widespread beliefs that Europe lags North America significantly in cloud adoption, our research found that European enterprises leverage the cloud just as extensively as North America - an average European organization uses 80% as many cloud applications in 2014, distributed across similar application categories.
  • 70% of US cloud applications used by European organizations are not "Safe Harbor" approved: In our data set, we found that only 9% of the clouds used by European enterprises were either based in Europe or in European-approved data transfer regions; 21% were US clouds and Safe Harbor approved. The rest, a whopping 70%, were US clouds without Safe Harbor certification.

"The epic breaches of 2014 have catapulted security from the IT boiler room to the board room," said Pravin Kothari, founder and CEO, CipherCloud. "While many remember 2014 as the year of the data breach, this study underscores the stealthy build-up of shadow IT, an equally worrisome threat for enterprises on both sides of the Atlantic. Rampant cloud adoption has given shadow IT a far bigger footprint than previously recognized. This introduces a multi-pronged problem for companies. It is hard, if not impossible, to protect against something you cannot see. And worse, each unsanctioned application is a vehicle for introducing a host of other risks into the enterprise. Companies must address this problem in order to fully unleash the power of the cloud."

"The findings are eye-opening in debunking conventional wisdom that Europe is behind North America in cloud adoption," said Jeroen Blaas, General Manager, CipherCloud Europe. "In actuality, we're nearly on par and equally susceptible to the risks that ride into the enterprise on the back of shadow IT. And while European privacy regulations are among the most stringent in the world, these findings reveal that regulations don't stop shadow IT. So it is up to enterprises to be the enforcers of good security hygiene and to protect against all risks to European privacy laws."

 

The CipherCloud Risk Assessment Methodology

The CipherCloud Risk Intelligence Lab(TM) analyzes thousands of cloud applications globally, compiling the CloudSource(TM) knowledge base. CipherCloud utilizes a standards-based model for cloud risk scoring, with over 100 attributes across four risk categories: Security, Privacy, Environment and Compliance. The cloud risk model includes security controls defined by the Cloud Security Alliance Cloud Control Matrix, Privacy best practices detailed by TRUSTe and industry and regulatory standards such as HIPAA and PCI DSS.

 

About CipherCloud

CipherCloud, the leader in cloud visibility and data protection, delivers cloud adoption while ensuring security, compliance and control. CipherCloud's open platform provides comprehensive cloud application discovery and risk assessment, data protection - searchable strong encryption, tokenization, data loss prevention, key management and malware detection - and extensive user activity and anomaly monitoring services.

CipherCloud has experienced exceptional growth and success with over 3 million business users, across 11 different industries.

The CipherCloud product portfolio protects popular cloud applications out-of-the-box such as Salesforce, Box, Microsoft Office 365, and ServiceNow.

CipherCloud, named as SC Magazine's Best Product of the Year, technology is FIPS.

140-2 validated and is backed by premier venture capital firms Transamerica Ventures, Andreessen Horowitz, Delta Partners, and T-Venture, the venture capital arm of Deutsche Telekom. For more information, visit www.ciphercloud.com and follow us on Twitter @ciphercloud.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Look Beyond the 'Big 5' in Cyberattacks
Robert Lemos, Contributing Writer,  11/25/2020
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5423
PUBLISHED: 2020-12-02
CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM.
CVE-2020-29454
PUBLISHED: 2020-12-02
Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access.
CVE-2020-7199
PUBLISHED: 2020-12-02
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access,...
CVE-2020-14260
PUBLISHED: 2020-12-02
HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Domino or execute attacker-controlled code on the server system.
CVE-2020-14305
PUBLISHED: 2020-12-02
An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat ...