The Cloud Security Alliance ran a survey on the awareness of running cloud applications in an IT professional’s business and the verdict is not good.
The study found 54 percent of IT and security professionals say they have 10 or fewer cloud-based applications running in their organization, with 87 percent saying they had 50 or fewer applications. Those guesses, though, don’t stack up against commonly reported figures from vendors and research reports which found on average more than 500 cloud apps present per enterprise.
Krishna Narayanaswamy, chief scientist of Netskope, told CRN those findings are troubling, adding there is almost a 10 times difference “between reality and perception.” Unsecured cloud applications may open a business up to compromise and sensitive information can be leaked, he said.
“What we’re finding is sensitive data is being stored in the cloud,” Narayanaswamy said. “Enterprise is moving away from home-grown data in their data centers and adapting to the cloud. That’s increasing quadrant by quadrant. … This problem is a pretty significant one right now.”
The survey, sponsored by Netskope and Okta, an enterprise-grade identity management service, asked questions of 165 IT professionals. Nearly half of respondents also said less than 5 percent of their sensitive content in the cloud has been shared with unauthorized individuals or individuals outside of the organization. And, 24.7 percent said they weren’t sure if they had experience a data breach related to a cloud app in the last year.
Narayanaswamy said he believes this indicates a need for a cloud application policy in all enterprises, as well as a secure platform available to IT employees to ensure they don’t stray to other, less secure, applications. In a BYOD, or bring your own device, workplace environment, he stressed employees can simply download what works easily, not what’s most secure for a working company.
“(BYOD) definitely increases the productivity of individuals…, but you need to have good policies around BYOD usage and enterprise IT to have control,” he said, “(like)… being able to monitor the activities that are happening. … One of the things that we have seen in our cloud platform is for every upload there are three shares. Shares are a good thing, because it increases collaboration, but it depends who the share is to. Many are to uninvited people and that leads to data compromises.”
John Yeoh, a senior research analyst of the CSA, said BYOD is here to stay so precautions must be put in place.
“Understanding that, and having a good BYOD policy in place … is a great step in the right direction,” he said.
The vast majority of respondents to the survey reported they do have policies and procedures in place to protect data and ensure compliance. More than 50 percent of respondents reported having a policy addressing BYOD, and more than 80 percent believe it is at least somewhat followed.
NEXT: Channel Copes With Rectifying The Problem