CLOUD ADOPTION & RISK REPORT Q4 2014
Published Q1 2015

TABLE OF CONTENTS

INTRODUCTION
OVERVIEW OF CLOUD ADOPTION AND RISK
CALCULATED RISK
THE OVER-SHARING EFFECT
SENSITIVE DATA IN THE CLOUD
COMPROMISED IDENTITIES
TOP 20 ENTERPRISE CLOUD SERVICES LIST
TOP 20 CONSUMER APPS IN THE ENTERPRISE
TOP 10 FILE SHARING, COLLABORATION, AND SOCIAL MEDIA SERVICES
FASTEST GROWING CLOUD SERVICES

Cloud Adoption and Risk Report – Q4 2014

INTRODUCTION

There are more cloud services available than ever before, and the average number of cloud services used in the workplace reached a new high last quarter. This usage includes both sanctioned cloud services (aka sanctioned IT) and shadow cloud services (aka shadow IT), which typically include services adopted by the lines of business and services adopted by individuals. Both sanctioned IT and shadow IT take advantage of the cost benefits of the cloud as well as the feature sets not available in legacy applications. However, there is so much hype on the capabilities of what the cloud can provide that it can be difficult to understand how people are actually using cloud services, what data they store in them, and what risks exist within these new platforms.

To better understand cloud usage during this period of rapid innovation and change, Skyhigh publishes a quarterly Cloud Adoption & Risk (CAR) Report. What makes our report unique is that we base our findings on actual usage data rather than surveys that ask people for their opinions or best guesses. In this quarterly report, we’ve quantified for the first time how much sensitive data is stored in which cloud services, where it is shared outside the company, and the growing problem of compromised login credentials that are bought and sold on the darknet. As 2014 comes to a close, we’ll also review trends that shaped cloud adoption over the last year. We hope you enjoy the data in our 6th quarterly report!

OVERVIEW OF CLOUD ADOPTION AND RISK

The Q4 report is based on data from 15 million worldwide users at companies that span all major industries across the Americas, EMEA, and Asia Pacific. This quarter, the average number of cloud services in use at each company grew 8% from Q3 2014, and 43% from Q4 2013, to 897 services. That number is 10-20 times higher than what IT executives expect, especially considering that many of these cloud services are adopted by employees acting on their own, without the knowledge of the IT department.

[Figure: Average number of cloud services in use by company, 2013 Q3 through 2014 Q4. Bar labels as extracted: 831, 759, 545, 897, 738, 626.]

Looking back at our Q4 2013 report, we wanted to compare how usage across categories changed. The average number of services in use increased for every category. Since Q1 2014, the fastest growing category based on the growth in number of services is development (e.g. GitHub, SourceForge, etc.), which grew 97% in the past year. The second fastest growing category is collaboration (e.g. Microsoft Office 365, Gmail, etc.), which grew 53% despite already having a high number of services in use. The table below summarizes growth in the average number of cloud services in use per company from Q4 2013 to Q4 2014.

| Category | Q4 2013 | Q4 2014 | Growth |
|---|---|---|---|
| Collaboration | 91 | 139 | 53% |
| Development | 24 | 47 | 97% |
| File sharing | 37 | 45 | 20% |
| Content sharing | 37 | 39 | 6% |
| Business intelligence | 15 | 18 | 18% |
| Social media | 23 | 27 | 17% |
| Tracking | 23 | 24 | 4% |

Looking at usage another way, the average employee now uses 27 different cloud services at work, including six collaboration services, four social media services, and three file-sharing services. The use of multiple services in each category shows that a single dominant player has yet to emerge in many categories.
Across categories, the market for cloud services is rapidly evolving as new players enter the market, existing companies are acquired, and companies invest in new product capabilities.

[Figure: The average employee uses 27 apps at work. Categories shown: Collaboration, Social Media, Content Sharing, File Sharing, Business Intelligence, Other.]

CALCULATED RISK

The risk presented by cloud providers varies widely. Across all cloud services available, just 9.4% achieved the highest rating of “enterprise-ready” by Skyhigh’s CloudTrust Program. The good news is that cloud providers invested heavily in security over the last year, and a much larger number now offer more robust security features and certifications. 1,459 services (17%) offer multi-factor authentication, as opposed to 705 last year; 533 (5%) are ISO 27001 certified, as opposed to 188 last year; and 1,082 (11%) encrypt data at rest, as opposed to 470 last year.

Clearly, there is still a long way to go, as some of the biggest names in cloud computing (including Gmail and PayPal) can store sensitive, personally identifiable information, including payment card data and banking information, as unencrypted data. Another service that doesn’t encrypt data stored at rest is eBay, which suffered one of the biggest data breaches of 2014 when 145 million account credentials were stolen.

TOP 10 SERVICES THAT...

| Rank | Claim ownership of data uploaded to them | Don’t encrypt at rest |
|---|---|---|
| 1 | Prezi | Facebook |
| 2 | SourceForge | Twitter |
| 3 | eFolder | YouTube |
| 4 | Pastebin | TubeMogul |
| 5 | myCapture | LinkedIn |
| 6 | Placed | Gmail |
| 7 | Lasso CRM | eBay |
| 8 | Shoology | Paypal |
| 9 | Zapier | Hotmail |
| 10 | LeapFILE | AOL Mail |

THE OVER-SHARING EFFECT

The growing popularity of file sharing services is clear – in a recent Cloud Security Alliance survey [1], file sharing was the most-requested category of cloud services.
Based on our usage data, the average person uses three file-sharing services regularly. Many of these cloud services offer more than just file-syncing across devices; they’re platforms for collaborating with other people. Naturally, users share files with other people at their companies, but one concern we’ve heard is the prevalence of files being shared via public links, which can be shared with anyone without restriction.

[Callout: 11% of documents in file sharing and collaboration services are shared outside the company. Of these, 18% were shared with personal email addresses such as Gmail, Hotmail, and Yahoo! Mail.]

Analyzing sharing data in corporate-sanctioned file sharing and collaboration services, we found that 11% of all documents were shared outside the company. The majority of these external collaborators turned out to be business partners, but 18% of external collaboration requests went to third party email addresses such as Gmail, Hotmail, and Yahoo! Mail. This could raise some red flags given the sensitive information users upload to file-sharing services. We cross-referenced our analysis of sensitive and confidential data in the cloud with sharing activity and found that a small but significant 9% of files shared externally contained sensitive or confidential information, putting these companies at risk.

[1] Cloud Security Alliance, “2015 Cloud Adoption Practices and Priorities Survey”

SENSITIVE DATA IN THE CLOUD

Given that many companies today run mission-critical cloud services, it shouldn’t be surprising that sensitive or confidential information is stored in the cloud. However, this can be problematic for some companies with stringent security or regulatory requirements. These companies have likely deployed data loss prevention solutions, such as Symantec-Vontu, Intel McAfee, and EMC RSA, to prevent sensitive information from leaving the company via email.
Today, they have a need to extend their DLP solutions to cloud services.

We analyzed DLP violations in the cloud to understand what types of sensitive data users uploaded to which cloud services. A surprising 37% of users in Q4 uploaded at least one file to a file-sharing cloud service that contained sensitive or confidential data, including: PII (personally identifiable information) such as social security number, date of birth, or address; payment information, such as credit card numbers or bank account numbers; PHI (protected health information) such as medical record number or health plan beneficiary number. In addition, 22% of files uploaded to a file-sharing service in that same timeframe contained sensitive or confidential data.

[Callout: 22% of files uploaded to file-sharing services contain sensitive data. 37% of users have uploaded sensitive data to a file-sharing service.]

Beyond file sharing, 4% of fields in CRM or IT management applications contain sensitive PII such as policy number, driver’s license number, date of birth, or age, or PHI such as medical record number, health plan beneficiary number, or patient account numbers.

For companies that have extended their DLP policies to the cloud, we analyzed actions triggered due to policy violations, and 60% triggered an email alert to the violator/end-user. The next most common action, at 31%, was to quarantine or tombstone a file uploaded containing sensitive information. This is followed closely by changing sharing permissions – 26% of events triggered a modification of permissions to restrict sharing with users outside the company. Lastly, 13% of events resulted in the encryption of sensitive data.

COMPROMISED IDENTITIES

In 2014, there were more software vulnerabilities discovered and more data breaches than in any year on record.
Following one of the largest breaches of the year, eBay asked 145 million users to change their passwords after attackers stole millions of login credentials. The theft of a username and password in the cloud era is significant because an attacker can gain access to all the data that user has access to in that service. That could include their own data as well as a lot of company data. Troublingly, a study by Joseph Bonneau at the University of Cambridge showed that 31% of passwords are reused in multiple places. The implication here is that, for 31% of compromised identities, an attacker could not only gain access to all the data in that cloud service, but potentially all the data in the other cloud services in use by that person as well.

Considering that the average person uses three different cloud file-sharing services, and 37% of users upload sensitive data to cloud file-sharing services, the impact of one compromised account can be immense. We investigated this occurrence by looking at anomaly detection data that shows an attacker attempting to log in to a compromised account and cross-referencing that with data on user identities for sale on the darknet.

INDUSTRIES MOST EXPOSED TO COMPROMISED ACCOUNTS

| Industry | % of employees with at least one password stolen |
|---|---|
| Financial | 9% |
| Government | 6% |
| Healthcare | 5% |
| High tech | 15% |
| Manufacturing | 9% |
| Media | 14% |
| Pharmaceutical | 12% |
| Real estate | 19% |
| Telecommunications | 9% |
| Utilities | 18% |
| Energy | 11% |

We found that 92% of companies have users with compromised identities. At the average company, 12% of users have at least one account that has been compromised. At the time of our analysis, we found that some accounts had been updated with new passwords, while many others remained active with compromised identities. The availability of stolen credentials online is staggering. Anecdotally, we identified one Fortune 500 company with a staggering 10,155 compromised identities.
Despite all industries being affected, real estate, utilities, and high-tech firms were particularly at risk. Until more cloud providers enable multi-factor authentication, we recommend users create a unique, strong password for each cloud service and change them regularly.

TOP 20 ENTERPRISE CLOUD SERVICES LIST

The cloud has created a new wave of enterprise software that is not only faster to develop, easier to deploy, and more cost effective, but also offers innovative features not found elsewhere. That’s because much of the innovation today is happening in software delivered via the cloud, and for many customers, the cloud is mainstream. These companies don’t use Salesforce because they think it’s the best cloud-based CRM, but rather because it’s the best CRM, period.

TOP 20 ENTERPRISE CLOUD SERVICES

1. Amazon Web Services
2. Microsoft Office 365
3. Salesforce
4. Cisco WebEx
5. ServiceNow
6. Yammer
7. Concur
8. Box
9. Zendesk
10. LivePerson
11. SuccessFactors
12. Workday
13. GoToMeeting
14. Oracle Taleo
15. OneDrive
16. Host Analytics
17. NetSuite
18. SAS OnDemand
19. BMC Service Management
20. OpenText BPM

Amazon Web Services continues to dominate the list this quarter, followed by services from industry giants Microsoft, Salesforce, and Cisco. Large players have bought their way into the cloud through acquisitions, as evidenced by the number of big companies represented by their multi-billion dollar acquisitions such as Yammer (acquired by Microsoft for $1.2B), Concur (acquired by SAP for $8.3B), SuccessFactors (acquired by SAP for $3.4B), and Taleo (acquired by Oracle for $1.9B). Representing a new generation of enterprise software players, four companies in the list went public in the last 36 months including ServiceNow, Box, Zendesk, and Workday.

TOP 20 CONSUMER APPS IN THE ENTERPRISE

In addition to the enterprise cloud services that are generally sanctioned and procured by the IT department, employees are also bringing a wide variety of consumer apps to work with them. Today, consumer apps frequently offer features that are as good as, if not better than, those found in enterprise software, reversing the long-standing trend in the software industry where enterprise organizations had more advanced technology than the average consumer. While employees sometimes use these apps for personal use, they frequently use these apps for business use as well, which can put the security and compliance of corporate data at risk.

TOP 20 CONSUMER CLOUD SERVICES in the workplace

1. Facebook
2. Twitter
3. YouTube
4. LinkedIn
5. Pinterest
6. Gmail
7. Flickr
8. Myspace
9. Tumblr
10. Instagram
11. Yahoo! Mail
12. Dropbox
13. Google Drive
14. Photobucket
15. Slideshare
16. Apple iCloud
17. Shutterfly
18. Sina Weibo
19. VK
20. Spotify

While much has been written about the consumerization of enterprise IT, a new phenomenon is the enterprization of consumer IT. Facebook, Dropbox, Google Drive, and Gmail are all offered in enterprise versions that provide greater controls for businesses. And many consumer apps have professional uses including LinkedIn for sales and recruiting, and YouTube, Twitter, Instagram, and Pinterest for social media marketing.

TOP 10 FILE-SHARING, COLLABORATION, AND SOCIAL MEDIA SERVICES

A recent Cloud Security Alliance survey [2] asked IT professionals about requests they receive from end-users. An overwhelming 79% of respondents said they regularly receive requests for new cloud services. File sharing and collaboration were the most requested, with 80% of survey respondents indicating they received requests for services in these categories, followed by social media at 38%.
In this section, we review the trends that shaped usage in each of these categories over the last year.

FILE-SHARING

The average company now uses 45 file-sharing services, and individuals use three different services in the category on average. Over the last year, Dropbox and Google Drive have remained the top services based on usage. The use of enterprise-ready Box has increased, while the ranking of Yandex.Disk, which does not encrypt data at rest, has declined relative to others. Citrix ShareFile has risen from 8th to 5th in the last two quarters.

THE TOP 10 FILE SHARING SERVICES

| Rank | Q4 2013 | Q1 2014 | Q2 2014 | Q3 2014 | Q4 2014 |
|---|---|---|---|---|---|
| 1 | Dropbox | Dropbox | Dropbox | Dropbox | Dropbox |
| 2 | Google Drive | Google Drive | Google Drive | Google Drive | Google Drive |
| 3 | OneDrive | OneDrive | Box | Box | Box |
| 4 | Box | Box | OneDrive | OneDrive | OneDrive |
| 5 | Yandex.Disk | Yandex.Disk | eFolder | Hightail | ShareFile |
| 6 | Solidfiles | 4shared | Yandex.Disk | WeTransfer | Yandex.Disk |
| 7 | Freak Share | eFolder | GoodSync | Yandex.Disk | Hightail |
| 8 | File Factory | File Factory | Solidfiles | 4shared | 4shared |
| 9 | Copy | Solidfiles | ShareFile | ShareFile | Firedrive |
| 10 | WeTransfer | GoodSync | 4shared | Firedrive | Zippyshare |

[2] Cloud Security Alliance, “2015 Cloud Adoption Practices and Priorities Survey”

COLLABORATION

The average company uses a dizzying 139 collaboration services, and employees regularly use 6 collaboration services. Anecdotally, logging into multiple applications to collaborate across teams introduces friction and impedes collaboration, so companies that actively consolidate onto fewer platforms could see improvements in productivity and employee adoption. Microsoft and Google dominate the list, accounting for 5 of the 10 services listed. Yammer usage increased this year relative to others, while Prezi declined in the rankings.

THE TOP 10 COLLABORATION SERVICES

| Rank | Q4 2013 | Q1 2014 | Q2 2014 | Q3 2014 | Q4 2014 |
|---|---|---|---|---|---|
| 1 | Microsoft Office 365 | Gmail | Microsoft Office 365 | Microsoft Office 365 | Microsoft Office 365 |
| 2 | Gmail | Microsoft Office 365 | Gmail | Gmail | Gmail |
| 3 | Google Docs | Google Docs | Cisco WebEx | Cisco WebEx | Yammer |
| 4 | Cisco WebEx | Cisco WebEx | Google Docs | Yahoo! Mail | Yahoo! Mail |
| 5 | Yahoo! Mail | Yahoo! Mail | Prezi | Google Apps | Cisco WebEx |
| 6 | Yammer | Prezi | Yahoo! Mail | Evernote | Google Apps |
| 7 | Prezi | Yammer | Yammer | Yammer | Skype |
| 8 | Evernote | AOL | Evernote | Prezi | Evernote |
| 9 | Skype | Google Drive | Intralinks | Skype | Prezi |
| 10 | AOL | Skype | ClearSlide | GoToMeeting | GoToMeeting |

SOCIAL MEDIA

The average company uses 27 different social media services, and the average user regularly uses four social media services. While Facebook, Twitter, and LinkedIn have held the top three spots consistently, there is more movement from the international social networks.

THE TOP 10 SOCIAL MEDIA SERVICES

| Rank | Q4 2013 | Q1 2014 | Q2 2014 | Q3 2014 | Q4 2014 |
|---|---|---|---|---|---|
| 1 | Facebook | Facebook | Facebook | Facebook | Facebook |
| 2 | Twitter | Twitter | Twitter | Twitter | Twitter |
| 3 | LinkedIn | LinkedIn | LinkedIn | LinkedIn | LinkedIn |
| 4 | Sina Weibo | Sina Weibo | Sina Weibo | Sina Weibo | Tumblr |
| 5 | Tumblr | VK | Tumblr | VK | Sina Weibo |
| 6 | VK | Tumblr | Badoo | Tumblr | VK |
| 7 | Badoo | Badoo | VK | LiveJournal | Foursquare |
| 8 | Ning | Foursquare | LiveJournal | Badoo | Badoo |
| 9 | Renren | LiveJournal | Renren | Foursquare | LiveJournal |
| 10 | Foursquare | Renren | Foursquare | Renren | Renren |

FASTEST GROWING CLOUD SERVICES

From an entrepreneur’s standpoint, launching a new service in the cloud and acquiring customers is very different from building on-premise software.
From idea to launch, cloud-enabling entrepreneurs can reach a global market in weeks or months instead of years. From the perspective of the end-user, there is an unprecedented amount of choice, and people are inclined to use things that help them while discontinuing their use of things that either don’t help them or are inferior to other solutions. It is this idea that led us to think that, by measuring usage patterns across thousands of cloud services, we could help identify the up-and-coming solutions that are on the path to mainstream adoption based on their growth rates.

The fastest-growing apps of Q4 2014

| Service | Quarterly growth rate in users |
|---|---|
| Todoist | 146% |
| Loggly | 119% |
| ToutApp | 94% |
| ONTRAPORT | 69% |
| Projectplace | 58% |
| join.me | 53% |
| CloudSponge | 47% |
| Lumosity | 43% |
| Behance | 40% |
| Waze | 38% |

We calculated growth rates for all cloud services, based on the number of active users from Q3 to Q4 of 2014, and ranked them by their quarterly growth rate. The fastest-growing cloud services have doubled the number of users in a single quarter, and if they continue their growth, they could rival more established players in the years to come. Todoist and ToutApp have now appeared on the fastest growing list two quarters in a row. Demonstrating that a company can deliver features in high demand by end-users while also investing in security, Projectplace made the list and also received a rating of Skyhigh Enterprise-Ready because it satisfies the most stringent security and compliance requirements.

ABOUT SKYHIGH NETWORKS

Skyhigh Networks, the cloud security and enablement company, helps enterprises safely adopt cloud services while meeting their security, compliance, and governance requirements.
Over 350 enterprises including Aetna, Cisco, DIRECTV, HP, and Western Union use Skyhigh to gain visibility into all cloud services in use and their associated risk; analyze cloud usage to identify security breaches, compromised accounts, and insider threats; and seamlessly enforce security policies with encryption, data loss prevention, contextual access control, and activity monitoring. Headquartered in Cupertino, Calif., Skyhigh Networks is backed by Greylock Partners, Sequoia Capital, and Salesforce.com. For more information, visit us at www.skyhighnetworks.com or follow us on Twitter @skyhighnetworks.

UNCOVER SHADOW IT

If you’d like to learn the scope of Shadow IT at your company, including detailed statistics profiled in this report, sign up for a complimentary cloud audit: bit.ly/ComplimentaryCloudAudit

“With Skyhigh we discovered a wide range of services, allowing us to understand their associated risks and put in place policies to protect corporate data.”
Steve Martino, VP Information Security