Press Release

New Netskope Report Shows Compromised Credentials Continue to Haunt Cloud App Usage

  • 13.6 percent of enterprise users have had their account credentials compromised
  • 70 percent of uploads to cloud apps by people with compromised accounts are to apps rated “poor” in terms of enterprise-readiness
  • More than a quarter of organizations have more than 1,000 cloud apps in use

LOS ALTOS, Calif. – April 14, 2015 – Netskope, the leader in safe cloud enablement, today released the April 2015 Netskope Cloud Report™ that monitors enterprise cloud app usage and trends. The report details the continued impact of compromised cloud app credentials to enterprises.

The report found that more than seven out of ten uploads from users with compromised accounts are to apps with a “poor” rating in the Netskope Cloud Confidence Index*. Additionally, 23.6 percent of logins to Customer Relationship Management (CRM) apps come from compromised accounts. Cloud app usage continues to grow across enterprise organizations; the report found that more than 25 percent of organizations in the Netskope Cloud use more than 1,000 apps.

The average number of cloud apps (both sanctioned and unsanctioned) continued to grow: organizations now use an average of 730 cloud apps. This represents a 16 percent increase from the previous quarter. Nine out of every ten apps in use today are not enterprise ready, scoring a “medium” or below in the Netskope Cloud Confidence IndexTM (CCI). Also, according to Netskope’s study, 13.6 percent of app users have had their account credentials compromised.

“While there’s a more common understanding and acceptance of ‘shadow IT’ across organizations, there’s a corresponding rise in the volume of unsanctioned cloud apps in use,” said Sanjay Beri, CEO and founder, Netskope. “This should give IT pause, but it’s not a cause for mass panic. Like it or not, this is the new reality for IT; it’s thus critical that organizations maintain a deep level of visibility and governance over their cloud app infrastructure so they can spot and mitigate a suspicious pattern before it becomes an issue.”

Top 10 Most Popular Cloud App Categories

In addition to the consumer and prosumer apps that organizations expect to find in use (such as Twitter, Dropbox, and Evernote) line of business apps are most prevalent within organizations. Marketing remains the most prevalent category; however, nearly all marketing apps rate at a “medium” or below on the CCI. More than 90 percent of apps in categories including Human Resources, Collaboration, and Finance/Accounting also rate at a “medium” or below on the CCI.

CategoryNumber per EnterprisePercent Not Enterprise-Ready
4Human Resources4096.6%
7Cloud Storage3472.6%
8Software Development2690.9%

Top-Used Apps in Business

As in past reports, Cloud Storage and Social apps dominate the top 20 apps used in business, and comprise nearly a third (32 percent) of total cloud app usage. Based on distinct app sessions, the top used apps reflect all cloud app access points tracked by the Netskope Active Platform**. Other categories represented include Webmail, Collaboration, and Customer Relationship Management/Salesforce Automation (CRM/SFA).

Cloud AppCategory
2Google DriveCloud Storage
3Google GmailWebmail
5iCloudCloud Storage
6Google DocsProductivity
9DropboxCloud Storage
10Microsoft OneDriveCloud Storage
12Cisco WebExCollaboration
16Microsoft Live Outlook.comWebmail
17BoxStorage & Collaboration
18DocuSignElectronic Signature
19SuccessFactorsHuman Resources
20Microsoft Office 365 WordProductivity

Top Policy Violations

Policies can be enforced based on a number of factors, including user, group, location, device, DLP profile, activity, and more. Policies observed include: blocking the download of personally-identifiable information from an HR app to a mobile device; to alerting when users share documents in Cloud Storage apps with someone outside of the company; to blocking unauthorized users from modifying fields in Financial/Accounting apps. Data loss prevention (DLP) policy violations involving the download of data outnumber those involving the upload of it by more than two to one. The three top categories for DLP policy violations include Cloud Storage, Webmail, and CRM/SFA.

Top Activities Triggering Policy Violation

Netskope Resources

About the Netskope Cloud Report

Based on aggregated, anonymized data from the Netskope Active Platform, which provides discovery, deep visibility, and granular control over any cloud app, the report’s findings are based on millions of users in hundreds of accounts in the global Netskope Active Platform from January – March 2015.

Sobre a Netskope

Netskope™ is the leader in safe cloud enablement. Only the Netskope Active PlatformTM provides discovery, deep visibility, and granular control of sanctioned and unsanctioned cloud apps. With Netskope, IT can direct usage, protect sensitive data, and ensure compliance in real-time, on any device, including native apps on mobile devices and whether on-premises or remote, and with the broadest range of deployment options in the market. With Netskope, businesses can move fast, with confidence. Serving a broad customer base including leading healthcare, financial services, high technology, and retail enterprises, Netskope has been named to CIO Magazine’s top 10 cloud security startups and featured in such business media as CBS News, Wall Street Journal, and Forbes. Netskope is headquartered in Los Altos, California. Visit us at and follow us on Twitter @Netskope.


[*] The Netskope Cloud Confidence Index™ is a database of more than 5,000 cloud apps that are evaluated on 40+objective enterprise-readiness criteria adapted from the Cloud Security Alliance, including security, auditability, and business continuity. The results of the evaluation are normalized to a 0−100 score and mapped to five levels ranging from “poor” to “excellent.”

[**] Includes perimeter device (e.g., firewalls, gateways, etc.) log analysis and real-time visibility of campus PC, remote PC, and mobile device (e.g., smartphones, tablets).