LOS ALTOS, Calif. – April 28, 2014 – Today, Netskope, the leader in cloud app analytics and policy enforcement, released the Netskope Cloud Report™ for April 2014. Using aggregated, anonymized data from the Netskope Active Platform, the report findings are based on billions of cloud app events seen across hundreds of thousands of users from January to March 2014. The findings reveal that 90 percent of usage was in apps that had been blocked by network perimeter appliances but had been granted exceptions. This trend of the exception being the rule suggests that wholesale blocking done by firewalls and secure web gateways isn’t practical and only creates a false sense of security.
The report also found that enterprises ran an average of 461 cloud apps, and 85 percent were not enterprise-ready, scoring a “medium” or below in the Netskope Cloud Confidence Index. Since Netskope’s January 2014 Cloud Report™, there was a 14 percent increase in average number of apps used by enterprises (the number increased from 397 to 461). IT continues to approximate that 40-50 apps are in use by their employees, but they are underestimating usage by nine to 10 times.
“The writing is on the wall – enterprises are continuing to adopt cloud apps and are more invested than ever in protecting their data. We saw that enterprises who block apps with network perimeter technologies, like next-gen firewalls and secure web gateways, aren’t achieving their objectives because most of the usage is in the ‘exceptions,’” said Sanjay Beri, CEO and founder, Netskope. “We call this phenomenon ‘exception sprawl.’ If enterprises can learn one lesson from this report, it’s that the dam has broken on cloud app usage. To address this IT needs to leverage solutions that provide context around app usage and enact security controls at the user, device and activity level.”
Which Cloud Apps are Most Popular?
The report identified top apps used by enterprises, and found social and storage were the most frequently used categories based on number of app sessions.
|4. Amazon CloudDrive||Storage|
|5. Microsoft Office 365||Collaboration|
|6. Google Drive||Storage|
|7. Google Plus||Social|
Top activities in cloud apps included “create,” “edit,” “download,” “share” and “delete.” Activities such as downloading and sharing of data that may contain customer information, intellectual property or other proprietary information should be red flags for IT admins, as such activities can signal data leakage.
Where Did Policy Violations Occur?
IT has started to build policies around cloud app usage in an effort to enable, rather than block, cloud app usage in the enterprise, and to have more control over how information is shared and protected. The categories in which policy violations occurred most were storage, social, software development, finance/accounting and customer relationship management/sales force automation, with the vast majority being in storage. The activities that most often constituted policy violations were “upload,” “edit” and “post.” The most frequent violation was uploading to cloud storage apps specifically. While many enterprises adopted granular policies aimed at protecting data, one violation that did not rank highly was “login.” This data point indicates that as enterprises establish more granular usage policies that provide control over business-sensitive data, they can allow more users to log in with confidence and move away from the sledgehammer “block” approach.
Who Was Using Cloud Apps?
The top five app categories were marketing, HR, collaboration, storage and finance/accounting. Apps within these categories can contain sensitive information such as business intelligence or personally identifiable employee data. An average of 47 marketing apps, 41 HR apps and 27 finance/accounting apps were in use by organizations. These categories were also among the least enterprise-ready: 97 percent of marketing apps and 94 percent of both HR and finance/accounting apps rated “medium” or below in the Netskope Cloud Confidence Index™. Overall, 60 percent of cloud app usage occurred in non-enterprise-ready apps.
Netskope™ is the leader in cloud app analytics and policy enforcement. Only Netskope eliminates the catch-22 between being agile and being secure and compliant by providing complete visibility, enforcing sophisticated policies, and protecting data in cloud apps. The Netskope Active Platform™ performs deep analytics and lets decision-makers create policies in a few clicks that prevent the loss of sensitive data and optimize cloud app usage in real-time and at scale, whether IT manages the app or not. With Netskope, people get their favorite cloud apps and the business can move fast, with confidence.
 The Netskope Cloud Confidence IndexTM is a database of nearly 4,500 cloud apps that are evaluated on 30+ objective enterprise-readiness criteria adapted from Cloud Security Alliance guidance, including security, auditability, and business continuity. The results of the evaluation are normalized to a 0-100 score and mapped to five levels from “poor” to “excellent.”