Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


09:22 AM
Dark Reading
Dark Reading
Products and Releases

CipherCloud Report Identifies over 1,100 Cloud Applications in Use by Companies, 86 Percent of Cloud Applications are 'Shadow IT'

North American and European companies use on average 1,245 and 981 applications, respectively

SAN JOSE, Calif., Feb. 3, 2015 /PRNewswire/ -- As cloud computing re-charts the path of enterprise IT, organizations are vastly underestimating the level of shadow IT in their cloud ecosystems. CipherCloud, a leader in cloud security, today unveils the results of the industry's first comprehensive study of cloud usage and risks from 2014, compiled from enterprise users in North America and Europe.

The "Cloud Adoption & Risk Report in North America & Europe - 2014 Trends" draws insight from CipherCloud's millions of users from its market leading customers and its extensive CloudSource(TM) knowledge base to shed light on enterprise cloud usage, risks and regional geo-specific trends. This report includes anonymized data of cloud user activity collected for the full 2014 calendar year, spanning thousands of cloud applications.

With faster time to market, massive economy of scale, and unparalleled agility, the cloud is entering enterprises at an unprecedented rate. As a result, hundreds of high risk cloud applications are commonly used across North American and European organizations.

Key Findings from the extensive study of North American and European firms in 2014.

  • The average global enterprise utilizes over 1,100 cloud applications: Our study found widespread cloud adoption across North America and Europe. In our 2014 data, a typical North America enterprise used over 1,245 cloud applications while those in Europe used 981 applications on average.
  • 86% of cloud applications used by enterprises are unsanctioned "Shadow IT": Our study found that enterprises vastly underestimate the extent of shadow IT cloud applications used by their organizations. Various media sources claim 10% to 50% of cloud apps are not visible to IT. Our statistics show that on average 86% of cloud applications are unsanctioned. For example, a major US enterprise estimated 10-15 file sharing applications were in use, but discovered almost 70.
  • Publishing, Social, and Career Clouds are 2014's most risky cloud categories: Our research rated 52% of applications in Publishing applications as high risk. Similarly, 42% in Social and 40% in Career clouds are rated as high risk. These three represent the highest risk across all cloud applications.
  • Europe is narrowing the gap of cloud adoption to North America: Contrary to widespread beliefs that Europe lags North America significantly in cloud adoption, our research found that European enterprises leverage the cloud just as extensively as North America - an average European organization uses 80% as many cloud applications in 2014, distributed across similar application categories.
  • 70% of US cloud applications used by European organizations are not "Safe Harbor" approved: In our data set, we found that only 9% of the clouds used by European enterprises were either based in Europe or in European-approved data transfer regions; 21% were US clouds and Safe Harbor approved. The rest, a whopping 70%, were US clouds without Safe Harbor certification.

"The epic breaches of 2014 have catapulted security from the IT boiler room to the board room," said Pravin Kothari, founder and CEO, CipherCloud. "While many remember 2014 as the year of the data breach, this study underscores the stealthy build-up of shadow IT, an equally worrisome threat for enterprises on both sides of the Atlantic. Rampant cloud adoption has given shadow IT a far bigger footprint than previously recognized. This introduces a multi-pronged problem for companies. It is hard, if not impossible, to protect against something you cannot see. And worse, each unsanctioned application is a vehicle for introducing a host of other risks into the enterprise. Companies must address this problem in order to fully unleash the power of the cloud."

"The findings are eye-opening in debunking conventional wisdom that Europe is behind North America in cloud adoption," said Jeroen Blaas, General Manager, CipherCloud Europe. "In actuality, we're nearly on par and equally susceptible to the risks that ride into the enterprise on the back of shadow IT. And while European privacy regulations are among the most stringent in the world, these findings reveal that regulations don't stop shadow IT. So it is up to enterprises to be the enforcers of good security hygiene and to protect against all risks to European privacy laws."


The CipherCloud Risk Assessment Methodology

The CipherCloud Risk Intelligence Lab(TM) analyzes thousands of cloud applications globally, compiling the CloudSource(TM) knowledge base. CipherCloud utilizes a standards-based model for cloud risk scoring, with over 100 attributes across four risk categories: Security, Privacy, Environment and Compliance. The cloud risk model includes security controls defined by the Cloud Security Alliance Cloud Control Matrix, Privacy best practices detailed by TRUSTe and industry and regulatory standards such as HIPAA and PCI DSS.


About CipherCloud

CipherCloud, the leader in cloud visibility and data protection, delivers cloud adoption while ensuring security, compliance and control. CipherCloud's open platform provides comprehensive cloud application discovery and risk assessment, data protection - searchable strong encryption, tokenization, data loss prevention, key management and malware detection - and extensive user activity and anomaly monitoring services.

CipherCloud has experienced exceptional growth and success with over 3 million business users, across 11 different industries.

The CipherCloud product portfolio protects popular cloud applications out-of-the-box such as Salesforce, Box, Microsoft Office 365, and ServiceNow.

CipherCloud, named as SC Magazine's Best Product of the Year, technology is FIPS.

140-2 validated and is backed by premier venture capital firms Transamerica Ventures, Andreessen Horowitz, Delta Partners, and T-Venture, the venture capital arm of Deutsche Telekom. For more information, visit www.ciphercloud.com and follow us on Twitter @ciphercloud.


Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
Kelly Sheridan, Staff Editor, Dark Reading,  7/29/2020
Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness
Robert Lemos, Contributing Writer,  7/28/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-08-03
The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection.
PUBLISHED: 2020-08-03
The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is missing validation for a client-provided parameter, which allows remote attackers to read and modify data in the KeePass database via an A=0 WebSocket connection.
PUBLISHED: 2020-08-03
Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users.
PUBLISHED: 2020-08-03
Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS).
PUBLISHED: 2020-08-03
A vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could allow an unauthenticated, remote attacker to cause an affected CNC to become inaccessible to other devices. The vulnerability is due to improper design or implementation of the Ethernet communication modules of the CNC. An attack...