Study: Partners Continue To Underestimate How Many Cloud Apps Exist In Their Business

The Cloud Security Alliance ran a survey on the awareness of running cloud applications in an IT professional’s business and the verdict is not good.

The study found 54 percent of IT and security professionals say they have 10 or fewer cloud-based applications running in their organization, with 87 percent saying they had 50 or fewer applications. Those guesses, though, don’t stack up against commonly reported figures from vendors and research reports which found on average more than 500 cloud apps present per enterprise.

Krishna Narayanaswamy, chief scientist of Netskope, told CRN those findings are troubling, adding there is almost a 10 times difference ’between reality and perception.’ Unsecured cloud applications may open a business up to compromise and sensitive information can be leaked, he said.

’What we’re finding is sensitive data is being stored in the cloud,’ Narayanaswamy said. ’Enterprise is moving away from home-grown data in their data centers and adapting to the cloud. That’s increasing quadrant by quadrant. … This problem is a pretty significant one right now.’

Sponsored post

[Related: Shining the Spotlight On Shadow IT]

The survey, sponsored by Netskope and Okta, an enterprise-grade identity management service, asked questions of 165 IT professionals. Nearly half of respondents also said less than 5 percent of their sensitive content in the cloud has been shared with unauthorized individuals or individuals outside of the organization. And, 24.7 percent said they weren’t sure if they had experience a data breach related to a cloud app in the last year.

Narayanaswamy said he believes this indicates a need for a cloud application policy in all enterprises, as well as a secure platform available to IT employees to ensure they don’t stray to other, less secure, applications. In a BYOD, or bring your own device, workplace environment, he stressed employees can simply download what works easily, not what’s most secure for a working company.

’(BYOD) definitely increases the productivity of individuals…, but you need to have good policies around BYOD usage and enterprise IT to have control,’ he said, ’(like)… being able to monitor the activities that are happening. … One of the things that we have seen in our cloud platform is for every upload there are three shares. Shares are a good thing, because it increases collaboration, but it depends who the share is to. Many are to uninvited people and that leads to data compromises.’

John Yeoh, a senior research analyst of the CSA, said BYOD is here to stay so precautions must be put in place.

’Understanding that, and having a good BYOD policy in place … is a great step in the right direction,’ he said.

The vast majority of respondents to the survey reported they do have policies and procedures in place to protect data and ensure compliance. More than 50 percent of respondents reported having a policy addressing BYOD, and more than 80 percent believe it is at least somewhat followed.

NEXT: Channel Copes With Rectifying The Problem

Eduardo Don, Jr., president of Orange, Calif.-based service provider Lumen21, said he is aware of the ’shadow IT’ issue across the channel. He was not surprised to hear the figures reported by the CSA.

’It’s probably more than 10 times because of the nature of those things to be procured right now, they’re fairly easy [to get],’ Don said. ’If you’re using Dropbox, that’s a cloud solution. If you’re using Microsoft Office 365, that’s a cloud solution. … Someone may be using an expense package that’s cloud-based. I think that’s been a problem [for] the IT organizations that don’t quite know the inventory that’s out there. ’

Lumen21 offers their ’complying cloud platform’ to avoid issues, Don noted. He said making these applications available to employees can cut down on problems, in his experience.

Mistakes, however, can build awareness, he said.

’I bet there’s a greater sense of awareness of security at Home Depot this week than there was a week before,’ he said, referencing the recent data breach at the big box chain. ’Unfortunately, it takes those major bad situations to bring the corrective action, because you just don’t think it’s going to happen to you.’