As more and more enterprises make use of cloud applications, a corresponding spotlight has been focused on the risks attendant in that use. Vendors have arisen who promise to aid enterprises in the discovery, control and governance of application usage. One of these vendors, Netskope, is today releasing the findings from a survey it commissioned to look into cloud application usage trends. These surveys are useful as they help both technology consumers and technology vendors to make the right decisions, develop the right tools and identify potential problem areas.
Not surprisingly given an increasing usage of cloud apps, the Netskope study found a corresponding increase in data sharing across applications. One in five cloud applications has data sharing as a core part of its functionality. And this sharing is certainly being used, findings indicated that for every upload to a cloud storage application, there are, on average, three shares of that file.
In other findings, on average 508 applications are in use within each enterprise, but 88% of those applications don’t meet Netskope’s own “enterprise readiness” test. While clearly enterprise readiness is a subjective label, such a high proportion of applications being questionable is a concern. From a security perspective there were some particular areas of concern:
- 85 percent of data was uploaded to apps that enable file sharing
- 81 percent of data downloaded occurred in apps with no encryption of data at rest
- 77 percent of total app usage occurred in apps stored in multi-tenant environments
In terms of the most commonly used applications within enterprises, surprisingly Google Drive was the number one result, followed by Facebook, Gmail, Twitter and Amazon CloudDrive. Rounding out the top 10 were LinkedIn, Dropbox, Pinterest, Microsoft Office 365 and Salesforce.com. Of course some of those “applications” aren’t enterprise apps (indeed some are arguably not apps at all) but as an indication of both where employees are spending their time, and where data is flowing in and out of the organization, it is a telling list.
In terms of categories of applications used, the top used cloud apps are social and storage. The top five categories of app usage per enterprise are marketing, human resources, collaboration, storage and finance/accounting. Of note is the high percentage of apps in each category that are not enterprise ready: 98 percent of marketing and finance/accounting apps, 97 percent of collaboration apps, 83 percent of storage apps and 73 percent of HR apps. Some vertical results are interesting:
- The report found that of all categories measured marketing had by far the highest instance of app usage, with an average of 65 apps in use per enterprise organization. That total is 1.5 times higher than the next highest total on the list, suggesting an increasing intersection between marketing and IT as marketers seek increasingly analytical methods to measure and drive campaigns
- The top overall activities in cloud apps included “view,” “edit,” “download,” “create” and “upload.” The highest number of activities constituting policy violations included “login,” “download,” “edit,” “view,” and “create.” With policies enforced across a broad set of apps and activities, organizations are increasingly enforcing policies that indicate a focus on compliance and data leakage
- Data demonstrates the growing variety of apps that are used to share content. More than 20 percent of apps and 89 percent of categories in the survey enable sharing. Top non-storage apps that enable sharing include Marketo, SuccessFactors, Webex, Yammer, Salesforce (CRM and SFA) and Workday (HR)
The survey results are interesting. They don’t justify any knee jerk reactions on the part of enterprise IT – while some would suggest the results justify battening down the hatches and locking down employee usage, that perspective fails to take into account the very real value that organizations and individuals derive from usage of these applications. What it does suggest however is that cloud usage is real, and that enterprises can no longer bury their heads in the sand about the fact. They need to find safe and feasible ways of both allowing employee access, but ensuring organizational safety in the process.