CipherCloud Report Identifies over 1,100 Cloud Applications in Use by Companies, 86 Percent of Cloud Applications are “Shadow IT”
North American and European companies use on average 1,245 and 981 applications, respectively
SAN JOSE, Calif., Feb. 3, 2015 – As cloud computing re-charts the path of enterprise IT, organizations are vastly underestimating the level of shadow IT in their cloud ecosystems. CipherCloud, a leader in cloud security, today unveils the results of the industry’s first comprehensive study of cloud usage and risks from 2014, compiled from enterprise users in North America and Europe.
The “Cloud Adoption & Risk Report in North America & Europe – 2014 Trends” draws insight from CipherCloud’s millions of users from its market leading customers and its extensive CloudSource™ knowledge base to shed light on enterprise cloud usage, risks and regional geo-specific trends. This report includes anonymized data of cloud user activity collected for the full 2014 calendar year, spanning thousands of cloud applications.
With faster time to market, massive economy of scale, and unparalleled agility, the cloud is entering enterprises at an unprecedented rate. As a result, hundreds of high risk cloud applications are commonly used across North American and European organizations.
Key Findings from the extensive study of North American and European firms in 2014.
- The average global enterprise utilizes over 1,100 cloud applications: Our study found widespread cloud adoption across North America and Europe. In our 2014 data, a typical North America enterprise used over 1,245 cloud applications while those in Europe used 981 applications on average.
- 86% of cloud applications used by enterprises are unsanctioned “Shadow IT”: Our study found that enterprises vastly underestimate the extent of shadow IT cloud applications used by their organizations. Various media sources claim 10% to 50% of cloud apps are not visible to IT. Our statistics show that on average 86% of cloud applications are unsanctioned. For example, a major US enterprise estimated 10-15 file sharing applications were in use, but discovered almost 70.
- Publishing, Social, and Career Clouds are 2014’s most risky cloud categories: Our research rated 52% of applications in Publishing applications as high risk. Similarly, 42% in Social and 40% in Career clouds are rated as high risk. These three represent the highest risk across all cloud applications.
- Europe is narrowing the gap of cloud adoption to North America: Contrary to widespread beliefs that Europe lags North America significantly in cloud adoption, our research found that European enterprises leverage the cloud just as extensively as North America – an average European organization uses 80% as many cloud applications in 2014, distributed across similar application categories.
- 70% of US cloud applications used by European organizations are not “Safe Harbor” approved: In our data set, we found that only 9% of the clouds used by European enterprises were either based in Europe or in European-approved data transfer regions; 21% were US clouds and Safe Harbor approved. The rest, a whopping 70%, were US clouds without Safe Harbor certification.
“The epic breaches of 2014 have catapulted security from the IT boiler room to the board room,” said Pravin Kothari, founder and CEO, CipherCloud. “While many remember 2014 as the year of the data breach, this study underscores the stealthy build-up of shadow IT, an equally worrisome threat for enterprises on both sides of the Atlantic. Rampant cloud adoption has given shadow IT a far bigger footprint than previously recognized. This introduces a multi-pronged problem for companies. It is hard, if not impossible, to protect against something you cannot see. And worse, each unsanctioned application is a vehicle for introducing a host of other risks into the enterprise. Companies must address this problem in order to fully unleash the power of the cloud.”
“The findings are eye-opening in debunking conventional wisdom that Europe is behind North America in cloud adoption,” said Jeroen Blaas, General Manager, CipherCloud Europe. “In actuality, we’re nearly on par and equally susceptible to the risks that ride into the enterprise on the back of shadow IT. And while European privacy regulations are among the most stringent in the world, these findings reveal that regulations don’t stop shadow IT. So it is up to enterprises to be the enforcers of good security hygiene and to protect against all risks to European privacy laws.”
The CipherCloud Risk Assessment Methodology
The CipherCloud Risk Intelligence Lab™ analyzes thousands of cloud applications globally, compiling the CloudSource™ knowledge base. CipherCloud utilizes a standards-based model for cloud risk scoring, with over 100 attributes across four risk categories: Security, Privacy, Environment and Compliance. The cloud risk model includes security controls defined by the Cloud Security Alliance Cloud Control Matrix, Privacy best practices detailed by TRUSTe and industry and regulatory standards such as HIPAA and PCI DSS.
CipherCloud, the leader in cloud visibility and data protection, delivers cloud adoption while ensuring security, compliance and control. CipherCloud’s open platform provides comprehensive cloud application discovery and risk assessment, data protection – searchable strong encryption, tokenization, data loss prevention, key management and malware detection – and extensive user activity and anomaly monitoring services.
CipherCloud has experienced exceptional growth and success with over 3 million of business users, across 11 different industries.
The CipherCloud product portfolio protects popular cloud applications out-of-the-box such as Salesforce, Box, Microsoft Office 365, and ServiceNow.
CipherCloud, named as SC Magazine’s Best Product of the Year, technology is FIPS 140-2 validated and is backed by premier venture capital firms Transamerica Ventures, Andreessen Horowitz, Delta Partners, and T-Venture, the venture capital arm of Deutsche Telekom. For more information, visit www.ciphercloud.com and follow us on Twitter @ciphercloud.
Director of Corporate Communications