News

Survey Finds IT Pros Underestimating Cloud-Based App Usage

• By John K. Waters
• 09/26/2014

How many cloud-based applications are running in your environment? Probably more than you think, if the results of a new survey of IT and security professionals released last week by the Cloud Security Alliance (CSA) are any indication.

More than half of respondents believe their organizations are running 10 or fewer cloud-based apps, while nearly 90 percent believe they have fewer than 50. But those numbers don't add up next to estimates commonly reported by vendors and industry analysts, which claim that on average, enterprises are running more than 500 cloud apps per organization, the CSA report's authors wrote in the report, "Cloud Usage: Risks and Opportunities Report," outlined at the CSA's Congress conference, held in San Jose, Calif. last week.

That chasm of a discrepancy is evidence of a lack of visibility in many organizations that fairly cries out for cloud-app discovery tools and analytical tools on cloud-app policy use and restrictions, said Jim Reavis, CEO of the CSA.

"We found these results particularly interesting and at the same time concerning," Reavis said in a statement. "It's hard to control what you can't see. If you are only seeing one tenth of your actual cloud usage, it's impossible to put cloud policies in place to protect users and data."

The good news is that most of the survey respondents reported having policies and procedures in place to protect data and ensure compliance for the cloud apps they are aware of. And they reported that these policies were "well-enforced." Among the best protected of these apps, nearly 80 percent of the policy enforcement is in cloud storage and cloud backup, the respondents said, which the report's authors saw as evidence of "serious concerns about data leakage and protection." Very few respondents (close to 4 percent) reported experiencing a data breach involving their cloud apps in the past year.

The CSA is a not-for-profit organization led by a coalition of "industry practitioners, corporations, associations and other key stakeholders" and has become influential in recent years. Its stated mission is to promote the use of cloud security best practices. The group also promotes and provides education on this subject. The organization sponsors a number of initiatives and working groups, including the Big Data Working Group, an initiative for creating and identifying best practices for security and privacy in big data; the Cloud Governance Working Group, which seeks to understand the demands of governing and operating data in the cloud; and the Cloud Controls Matrix initiative, which developed a security controls framework for cloud providers and consumers, among others.

In addition to raising awareness around cloud service risk, the CSA report aims to provide usage intelligence that could help organizations make better decisions on everything from consolidating and standardizing on the most secure and enterprise-ready cloud services to knowing what policies will have the most impact, the authors said.

The survey was sponsored by two companies that have staked out territory in this evolving landscape: cloud-app analytics and policy-enforcement provider Netskope and identity management services vendor Okta. CSA Research Director Luciano Santos and Senior Research Analyst John Yeoh conducted the survey and authored the report.

The new report is available now for download from the CSA Web site.