CSA Official Press Release
Published 09/18/2014
Cloud Security Alliance Survey Finds IT Professionals Underestimating How Many Cloud Apps Exist in the Business Environment
San Jose, CA – September 19, 2014 – CSA Congress 2014 – In what could be called a tale of perception versus reality, the Cloud Security Alliance (CSA) today released the results of a new survey that found a significant difference between the number of cloud-based applications IT and security professionals believe to be running in their environments, and the number reported by cloud application vendors. The survey titled, Cloud Usage: Risks and Opportunities was released today at the CSA Congress 2014 in San Jose, CA. The survey, which included responses from IT and security professionals from around the globe representing a variety of industry verticals and enterprise sizes, was conducted by the CSA. The aim of the survey was to gain insight and understand the perceptions of how enterprises are using cloud apps, what kind of data is moving to and through those apps, and what that means in terms of risks. Among other things, the survey found that 54 percent of IT and security professionals said they have 10 or fewer cloud-based applications running in their organization, with 87 percent indicating that they had 50 or fewer applications running in the cloud (with a weighted average of 23 apps per organization). These estimates are far lower than commonly reported by vendors and research reports, which count more than 500 cloud apps present, on average, per enterprise “We found these results particularly interesting and at the same time concerning,” said Jim Reavis, CEO of the CSA. “It’s hard to control what you can’t see. If you are only seeing one tenth of your actual cloud usage, it’s impossible to put cloud policies in place to protect users and data. This tells us that cloud app discovery tools, along with analytical tools on cloud app policy use and restrictions, are very important in the workplace, especially when it comes to sensitive data being used by cloud applications.” The survey, sponsored by Netskope, the leader in safe cloud enablement, and Okta, an enterprise-grade identity management service, also includes data on percentage of users uploading content to various applications, and the sensitivity of that content. On the positive side, for known cloud apps, the vast majority of respondents report having policies and procedures in place to protect data and ensure compliance, and most report that those policies are well-enforced. When looking at the most protected cloud apps, nearly 80 percent of policy enforcement is in cloud storage and cloud backup, indicating serious concerns about data leakage and protection. Additionally when it comes to bring-your-own-device (BYOD) policies, more than 50 percent of respondents reported having a policy addressing BYOD, and more than 80 percent believe it is at least somewhat followed. “Beyond raising awareness around cloud service risk, the findings here are intended to provide usage intelligence that helps IT, security, and business decision-makers take action,” said JR Santos, Global Research Director of the CSA. “By consolidating and standardizing the most secure and enterprise-ready cloud services, knowing what policies will have the most impact, and understanding where to focus when educating users, we can improve the protection of data and applications in the cloud.” To access the report visit https://cloudsecurityalliance.org/download/cloud-usage-risks-and-opportunities-survey-report/. Cloud Security Alliance Congresses continue to be the industry’s premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering best practices and practical solutions for remaining secure in the cloud, CSA Congresses give attendees exposure to industry-specific case studies that will help them learn and leverage best practices used by their peers in moving to a secure cloud. About the Cloud Security Alliance The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa. Contact Kari Walker for the CSA ZAG Communications 703.928.9996 [email protected]
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.
For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.