Netskope Report Reveals Half of all Users of Sanctioned Cloud Storage Services Have a Personal Instance of the Same Service

Quarterly report on enterprise services sees organizations use an average of four IaaS services

Netskope, the leader in cloud security, today announced the release of the January 2017 Netskope Cloud Report™ on enterprise cloud service usage and trends. According to the report, enterprise cloud service usage continues to rise, and despite the best efforts of IT, unsanctioned cloud service usage remains a problem as half of all users of sanctioned cloud storage services also have a personal instance of the same cloud service. As the deadline for compliance approaches, the report also looked at European Union General Data Protection Regulation (GDPR) readiness, finding that while there has been some improvement, two-thirds of enterprise cloud services are not on track to meet compliance requirements.

Shadow IT Remains a Growing Problem

This quarter, cloud service usage crossed the quadruple-digit threshold: the average number of cloud services in use per enterprise rising to 1,031, up from 977 the previous quarter. Of those services in use, roughly 95 percent are not enterprise ready. Shadow IT even affects sanctioned cloud services, as half of all users of sanctioned cloud storage services like Box or Dropbox also have personal instances of the same cloud service, which can make detection and mitigation of activities like data exfiltration more difficult.

Majority of Cloud Services Still Not GDPR Ready

In 2016, Netskope created a unique methodology to score cloud services on GDPR compliance, including evaluating those services’ data retention policies, privacy features, and data protection regimens and normalizing scores to a 1-100 scale. Services with a score above 70 are considered ready for GDPR compliance. This report found that 66 percent of all cloud services do not meet this threshold, meaning they lack proper residency, privacy, and security controls to be considered compliant with the requirements of the GDPR, or near enough to be ready to comply by the May 2018 deadline. While this percentage has decreased from the 75 percent reported in the June 2016 Netskope Cloud Report, enterprise cloud services have a long way to go in order to be ready over the next year-and-a-half. Drilling further into specific measures, 82 percent of cloud services do not encrypt data at rest, 66 percent do not specify that their customers own the data in their terms of service, and 42 percent do not allow admins to enforce password controls.

“Until very recently, organizations had to take an all-or-nothing approach to allowing cloud services. If they sanctioned a cloud storage service for corporate use, they also needed to accept any additional personal instances of that cloud storage service or block the service entirely,” said Sanjay Beri, founder and CEO, Netskope. “As our customers make cloud services a strategic advantage for their businesses, when it comes to governing and securing those services, they are realizing granular policies can ensure that sensitive data does not leak from the sanctioned instance of a corporate cloud service to an unsanctioned one.”

Additional Findings

• Slack makes its way up the top 20 list, but Microsoft maintains top spot: Last quarter, Slack cracked the top 20 list for the first time, and shows no sign of slowing down, reaching the 16th position this quarter. Newcomers like ServiceNow also cracked the top 20, but Microsoft Office 365 continues to reign supreme, with Microsoft Office 365 OneDrive for Business and Office 365 Outlook.com taking the number 1 and 2 spots, respectively.
• IaaS on the rise: More than 90 percent of Netskope customers use IaaS services like Amazon Web Services, Microsoft Azure, and Google Cloud Platform, with enterprises using an average of 4 IaaS services. This includes both sanctioned and unsanctioned services, across services like Amazon, Microsoft, Google, CloudShare, Linode, Rackspace, and more.
• Ransomware a larger threat than macros and mobile attacks: For the first time, Netskope analyzed ransomware as a malware type, finding 7.4 percent of all enterprise threats were ransomware. Other category percentages are as follows: 43.2 percent of detections were backdoors, adware 9.8 percent, Javascript malware 8.1 percent, Mac 6.7 percent, Microsoft Office macros 5.3 percent, mobile 5.2 percent, and other types 14.3 percent. More than a quarter of the malware was shared with others (both internally and externally), a drop from last quarter’s 55.9 percent. This may be attributable to the fact that Netskope customers are proactively taking steps to address cloud malware risks.

Average Cloud Services Per Enterprise by Category

This quarter, the average amount of cloud services per enterprise has crossed the quadruple-digit threshold at 1,031, compared to 977 last quarter. More than 94.8 percent of these are not enterprise-ready, earning a rating of “medium” or below in the Netskope Cloud Confidence IndexTM (CCI) scoring system, meaning they lack key functionalities such as security, audit and certification, service-level agreement, legal, privacy, financial viability, and vulnerability remediation.

The retail, restaurants and hospitality industry has the highest number of services in use — 1,193 — followed by the financial services, banking and insurance industry with an average of 1,132. Marketing, human resources and collaboration apps are the most popular apps, though more than 90 percent are not enterprise ready:  

Netskope Resources

• Download the Netskope Cloud Report for more detailed analysis and to see the full list of the most widely used cloud services by enterprises.
• Learn more about how to gain visibility into enterprise cloud services and how to ensure they are secure and compliant.
• Visit the Netskope Hub for the latest commentary and insight on trends from the Netskope team.

About the Netskope Cloud Report

Based on aggregated, anonymized data from the Netskope Active Platform, which provides advanced discovery, granular visibility and control, and data loss prevention for any cloud service, the report’s findings are based on millions of users in hundreds of accounts in the Netskope Active Platform from July 1 through September 30, 2016.

About Netskope

Netskope is the leader in cloud security. Using patented technology, Netskope’s cloud-scale security platform provides context-aware governance of all cloud usage in the enterprise in real-time, whether accessed from the corporate network, remote, or from a mobile device. This means that security professionals can understand risky activities, protect sensitive data, stop online threats, and respond to incidents in a way that fits how people work today. With granular security policies, the most advanced cloud DLP, and unmatched breadth of workflows, Netskope is trusted by the largest companies in the world. Netskope — cloud with confidence. To learn more, visit our website.