Only 9 percent of cloud services used by enterprise customers in Europe offer enterprise-grade security, according to a new report by Skyhigh Networks.
Beyond that, only 1 percent of cloud services in use offer both enterprise-grade security and meet the EU data residency requirements. The remaining 99 percent store data outside of Europe, don’t meet enterprise-grade security standards, or both.
The release of the European Cloud Adoption and Risk Report (PDF) includes data from more than one million users across more than 40 companies in various industries including financial services and healthcare.
According to the study, enterprises use an average of 588 cloud services, and 91 percent of cloud services pose medium to high security risks to organizations. Last year, in its US Cloud Adoption & Risk Report for Q3 2013, Skyhigh Networks found that many high-risk cloud services were being allowed by organizations.
Shadow IT, or cloud services brought in to an organization by employees without IT’s approval, is another issue Skyhigh Networks addresses through its latest research. According to the company, when CIOs look at the use of cloud services across their organization, they find in general that Shadow IT is 10 times more prevalent than they initially believed. Shadow IT can have a huge impact on security as often these services were not designed to meet specific industry regulations.
According to the study, 25 of the top 30 cloud services used by enterprises for collaboration and file sharing were based in countries including the US, Russia and China, where privacy laws are much less strict than Europe.
“Cloud services certainly enable agile, flexible, and efficient businesses, and employees should be encouraged to use services that best suit their working style and enhance their productivity,” Rajiv Gupta, CEO Skyhigh Networks said in a statement. “However, it is evident from this study that too many employees are still unaware of the risks associated with some cloud services, and could even be jeopardising the overall security position of their organization. Of the services that we analyzed, 72 percent stored data in the US – which could have legal and compliance implications for certain organizations in Europe. The bottom line is that businesses need to get smarter about the cloud. IT needs to develop a greater understanding of the cloud services in use and the risk they present, and play a leadership role in educating users and guiding the organization to securely embrace the cloud.”
With the release of the report, Skyhigh Networks is announcing its expansion in Europe. Led by Charlie Howe, EMEA director, Skyhigh will help European companies look into their cloud usage, and help them adopt new cloud applications securely.
“Europe is facing something of a crossroads with regard to cloud adoption and security,” said Howe. “The discrepancy between the perceived and actual number and risks of services in use at each organization is worrying to say the least. CIOs need to get a better grip on this if they are to avoid the huge reputational and financial repercussions of poor data security. While blanket bans on cloud services were once the only option, CIOs now have the tools and services that will enable them to empower employees to use the cloud services that grow the business while ensuring compliance with internal and external data privacy, security, and governance policies.”
Earlier this year Skyhigh Networks released its Skyhigh Enterprise CloudRisk Dashboard, a tool to quantify the risks associated with public cloud services and provide recommendations to organizations.