Netskope Report Reveals More Than Half of Microsoft Office 365 Usage Occurs in Services Other Than OneDrive for Business

Quarterly report on enterprise services sees increase in webmail DLP violations as organizations expand policy scope beyond cloud storage

Netskope, the leader in cloud security, today announced the release of the April 2017 Netskope Cloud Report™ on enterprise cloud service usage and trends. According to the report, enterprises now use an average of 1,071 cloud services. Additionally, Microsoft Office 365 usage continues to rise, as Office 365 becomes a platform and partners integrate the suite with their own external services and apps. Microsoft now makes up 40 percent of the list of top 20 cloud services, and more than half of usage comes from services other than OneDrive for Business.

Microsoft Office 365: Beyond OneDrive for Business

More than half (57 percent) of Microsoft Office 365 usage is comprised of services other than OneDrive for Business, including Yammer, Power BI, Dynamics, Outlook.com, SharePoint, and more. Though businesses often focus on putting policies in place for OneDrive alone, sensitive data is also being uploaded, shared and sent through other services in use within the Microsoft Office 365 suite.

“When it comes to cloud security, there is a tendency to emphasize the usage and security of cloud storage. This report shows us that being too focused on cloud storage can lead to a false sense of security,” said Sanjay Beri, founder and CEO, Netskope.” ”It’s critical for IT to implement controls that afford both visibility into and control over the use of all cloud services, whether that’s in a suite of services like Microsoft Office 365 or those that connect to or integrate with it from external cloud service providers.”

Additional Findings:

• Cloud services per enterprise continues to rise: This quarter, the average amount of cloud services per enterprise increased around 1,071, up from 1,031 last quarter. 93.5 percent of these services are not enterprise ready, down from last quarter’s 95 percent, indicating cloud services may be slowly evolving their security standards.

• Backdoor malware detection declines, but still leads the pack: Data from Netskope Threat Research Labs for this quarter shows that backdoors made up the bulk of cloud malware detections, at 37.1 percent, down from 43.2 percent last quarter. Following backdoors, adware was at 14.3 percent, and Microsoft Office macros at 6.0 percent. Other category percentages are as follows: Javascript made up 5.8 percent of detections, ransomware 4.2 percent, mobile 1.5 percent, PDF exploits 1.0 percent, and all others 22.7 percent. The percentage of malware-infected files was 9.3 percent, down from 26.5 percent last quarter.

• Webmail pulls ahead of cloud storage in DLP violations: For the first time, webmail beat out cloud storage in top DLP violations, With 39.94 percent of violations from webmail and 38.96 percent from cloud storage, the data shows services outside of cloud storage are a threat vector to watch (with DLP policies even being set for collaboration services like Slack). DLP violations by activity stayed similar to last quarter, with uploads leading at 48.5 percent, followed by send at 25.2 percent, download at 24.4 percent, and other (including view) at 1.9 percent.

Average Cloud Services Per Enterprise by Category

Similarly to last quarter, the retail, restaurants, and hospitality industry had the highest average amount of cloud services used at 1,206. Following retail was financial services, banking, and insurance with 1,170, manufacturing with 1,092, and healthcare and technology with 907 and 893, respectively, both with a slight decrease from last quarter.

Within cloud service categories, marketing services led with an average of 91, followed closely by HR at 90. And, as with previous quarters, the percentage that are not enterprise-ready has held steady at the respective numbers. With the rise of cloud malware and hackers compromising organizations from cloud services, granular controls and inspecting traffic from all locations (whether on-premises or off), devices, and apps (sync clients and native mobile apps included) for threats will be critical.

Netskope Resources

• Download the Netskope Cloud Report for more detailed analysis and to see the full list of the most widely used cloud services by enterprises.
• Learn more about how to gain visibility into enterprise cloud services and how to ensure they are secure and compliant.
• Visit the Netskope Hub for the latest commentary and insight on trends from the Netskope team.

About the Netskope Cloud Report

Based on aggregated, anonymized data from the Netskope Active Platform, which provides advanced discovery, granular visibility and control, and data loss prevention for any cloud service, the report’s findings are based on millions of users in hundreds of accounts globally in the Netskope Active Platform from October 1 through December 31, 2016.

About Netskope

Netskope is the leader in cloud security. Using patented technology, Netskope’s cloud-scale security platform provides context-aware governance of all cloud usage in the enterprise in real-time, whether accessed from the corporate network, remote, or from a mobile device. This means that security professionals can understand risky activities, protect sensitive data, stop online threats, and respond to incidents in a way that fits how people work today. With granular security policies, the most advanced cloud DLP, and unmatched breadth of workflows, Netskope is trusted by the largest companies in the world. Netskope — security evolved. To learn more, visit our website.