View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cloud
February 12, 2015updated 23 Aug 2016 8:56am

European cloud adoption increases, but shadow IT risks persist

Study finds that 37% of users are uploading at least one file containing sensitive or confidential data.

By James Nunns

A staggering 92% of companies were found to have had problems with compromised identities, with 12% of users from an average company having at least one account compromised.

One Fortune 500 company was identified with 10,155 compromised identities. The sectors that were most at risk were real estate with 19% of employees with at least one stolen password, utilities (18%), and high-tech firms reporting 15% with stolen passwords.

Skyhigh notes that, "Until more cloud providers enable multi-factor authentication, we recommend users create a unique, strong password for each cloud service and change them regularly."

The Skyhigh Networks report, titled "Cloud Adoption and Risk Report Q4, 2014", reveals that the average number of cloud services in the workplace has risen from 545 in Q3 2013 to 897 in Q4 2014 per company, which represents extreme rapid growth.

The large overall increase in the numbers of cloud services is creating huge amounts of data, both personal and corporate. However, 92% of European companies are suffering from users with compromised identities, which is leading to concerns over the security of data in the cloud.

When you consider that more than a third of users are sharing sensitive data in the cloud, and that more than a fifth of files have sensitive data within them, it is clear that organisations need to do more to facilitate and manage secure cloud usage.

Kamal Shah, VP of products and marketing at SkyHigh Networks, said: "2014 will go down as the year of the cloud’s arrival as a fundamental tool for the Global 5000 enterprise. The average European employee uses 23 cloud services, many of which represent unsanctioned or shadow IT and highlight the growing risk and opportunity for IT teams to securely enable cloud services within their organisations."

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

The report found that the average employee worldwide is using 27 apps at work, with the risk presented by cloud providers varying widely. SkyHigh found that just 9.4% achieved the highest rating of "enterprise-ready" by the CloudTrust Program.

However, the report does point to the positive news that cloud providers have invested heavily in cloud security over the past year. Of 1,459 services, the report found that 17% offer multi-factor authentication, opposed to 705 last year.

Additionally, 533 (5%) are ISO 27001 certified which is up from 188 last year. Among this number, 1,082 (11%) encrypt data at rest which is opposed to 470 last year. Although these numbers are still low, they do represent a significant improvement.

File sharing has become the most-requested category of cloud services and, based upon the usage data, the average person is using three file sharing services regularly. These cloud services offer more than just file syncing across devices, they are also platforms for collaboration. A growing concern raised by the report is the sharing of private data via public links.

Analysis of sharing data in corporate sanctioned file sharing and collaboration services found that 11% of all documents were being shared outside the company. The majority of the external collaborators were revealed to be business partners, but 18% of external collaboration requests went to third part email addresses such as Gmail, Hotmail and Yahoo! Mail.

Skyhigh then cross-referenced the analysis of sensitive and confidential data in the cloud with sharing activity and found that 9% of files shared externally contained sensitive or confidential information. Clearly this has the potential to put companies at risk.

On the subject of sensitive or confidential data, it was found that in Q4 (2014) 37% of users uploaded at least one file to a file sharing cloud service that contained sensitive or confidential data. Some of the data shared included personally identifiable information such as social security numbers, date of birth, address, payment information such as bank details or credit card numbers.

Other information that was sent included protected health information such as medial record numbers and health plan beneficiary number. In that timeframe, 22% of files uploaded to file sharing services contained sensitive or confidential data.

Skyhigh looked into the anomaly detection data which shows an attempted attacker login to a compromised account and then cross-referenced against user identities for sale on darknet. This was attempted after seeing that research by Joseph Bonneau at Cambridge University revealed that 31% of passwords are re-used in multiple places, creating a significant threat.

The report also lists the top 20 enterprise cloud services, with AWS coming out on top ahead of Microsoft Office 365 and Salesforce. The top consumer apps in the enterprise list places Facebook on top with Twitter and Youtube second and third respectively.

Dropbox comes out on top as the top file sharing service ahead of Google Drive and Box, with Microsoft Office placed as the top collaboration service ahead of Gmail and Yammer.

The Q4 2014 report is based upon data from 15 million worldwide users at companies which span all major industries across the Americas, EMEA, Asia and Pacific.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.