European enterprises are adding new cloud services at a rapid rate, finds a new report from Skyhigh Networks, the cloud security and enablement company. According to The Cloud Adoption and Risk Report for Q2 2015 – based on real data from over 2.5 million European employees across 12,000 cloud services – the average number of services has increased by more than 365 in a year. More than ten percent of cloud activity takes place outside the Monday-Friday working week, as overall cloud use continues to surge.
Key findings of the report include:
The average European enterprise now uses 897 cloud services (and a minimum of 507 services), up 61% from a year ago.
Cloud usage never stops – with over 14% of traffic taking place at weekends
72.1% of European organisations have exposure to compromised credentials and 8.5% of employees have at least one compromised credential for sale on the darknet
Security measure adoption: Only 15.4% of cloud services support multi-factor authentication, 9.4% encrypt data at rest and 2.8% support ISO 27001
64.9% of cloud services are not safe for EU data
Enabled by cloud computing, flexible working has had a huge impact on the enterprise and the amount of work conducted out of office hours and on weekends. Skyhigh Networks analysed cloud usage by day of the week and found that weekend usage did not drop to zero, with Saturdays and Sundays representing 6.8% and 7.8% of weekly cloud usage respectively. IT departments therefore need to consider that enterprise exposure to cloud-related security risks is not tied to traditional office hours.
The report also found that cloud adoption in Europe continues to grow, with the average European enterprise now using 897 services, 61% more than the same quarter in 2014. Indeed, from its database, Skyhigh found that the minimum number of services in use by a single organisation is 507 (for a company with less than 200 employees) and the highest is more than 3,000.
“European business use of cloud is at an all-time high,” said Nigel Hawthorn, European spokesperson for Skyhigh Networks. “Companies are adding a new cloud service to their network each day and it won’t be long until the average organisation is using well over 1,000 distinct services. While cloud services offer clear agility gains for the enterprise, the situation is by no means perfect. Too few cloud services are suited to enterprise use. The vast majority fall at the first hurdle: failure to adopt the right IT security features or adhere to the EU Data Protection regulations.”
The report investigated current cloud service security capabilities. Just 7% of the 12,000 cloud services analysed meet enterprise security and compliance requirements, as rated by Skyhigh’s CloudTrust Program. Only 15.4% support multi-factor authentication, 2.8% have ISO 27001 certification, and 9.4% encrypt data stored at rest. More worrying still, Skyhigh founds that 72.1% of European organisations have exposure to compromised credentials and 8.5% of employees at European companies have at least one compromised credential for sale on the darknet.
“While security measures are increasingly being introduced by CSPs, our findings that no user is the same, combined with the fact that each enterprise is using an additional cloud service each day, demonstrates the sheer complexity of the issue. IT departments need to get their heads out of the clouds – or perhaps in it – and take an active role in ensuring their enterprise isn’t weighed down by risks, poorly thought out cloud usage policies, and blanket bans. In a nutshell, the potential rewards of a cloud-enabled business are just too good for an apathetic approach to cloud,” concluded Hawthorn.