Skyhigh Networks, a cloud security software provider, has unveiled the results of its first "European Cloud Adoption and Risk Report." Researchers noted that of the 2,105 cloud services in use, only 9 percent provided enterprise-grade security capabilities, while the remaining 91 percent posed medium to high security risks to organizations.
"Cloud services certainly enable agile, flexible and efficient businesses, and employees should be encouraged to use services that best suit their working style and enhance their productivity," Skyhigh Networks CEO Rajiv Gupta said in a prepared statement. "However, it is evident from this study that too many employees are still unaware of the risks associated with some cloud services, and could even be jeopardizing the overall security position of their organization."
According to the report, much of the cloud adoption within European organizations occurs under the radar of the chief information officer or chief information security officer. And as a result, shadow IT, the use of unauthorized IT solutions and systems, is widespread and uncontrolled in many organizations.
In addition, the report showed that when CIOs examine the use of cloud services across their organizations, they generally find shadow IT is 10 times more prevalent than they initially assumed. Meanwhile, 1 percent of the cloud services in use both offer enterprise-grade security capabilities and store data in Europe’s jurisdictional boundaries, and the remaining 99 percent store data in countries where data privacy laws are less stringent, don't have enterprise-grade security capabilities or both.
"Europe is facing something of a crossroads with regard to cloud adoption and security. The discrepancy between the perceived and actual number and risks of services in use at each organization is worrying to say the least," Charlie Howe, EMEA Director of Skyhigh Networks, said in a statement. "CIOs need to get a better grip on this if they are to avoid the huge reputational and financial repercussions of poor data security."
Other key findings from the report included:
- On average, a European organization had 588 cloud services in use, compared to 626 in the United States
- 12 percent of the cloud services evaluated in the report encrypted data at rest, and 21 percent supported multi-factor authentication.
- 5 percent of cloud services in Europe were ISO 27001-certified and posed compliance issues for those organizations that were unaware that their employees were using uncertified services.
- 25 of the top 30 cloud services in the collaboration, content sharing and file sharing categories were based in countries (United States, Russia and China) where the privacy laws are far less stringent compared to Europe.
- 49 different services in use were tracking the browsing behavior of employees on the Internet, which exposed organizations to the increasingly prevalent watering hole attack.
The European Cloud Adoption and Risk Report is based on data from over 1 million users across more than 40 companies in the financial services, high technology, oil and gas, manufacturing, retail and utilities industries. The full report is available here.