In Q2 2014, the average US organization uses 626 cloud services, while European organizations use an average of 588, with Office 365 and Cisco WebEx being the most popular cloud services across the US and Europe. The results are part of the recent quarterly Cloud Adoption Risk Reports from Skyhigh Networks.
This quarter’s results are based on data collected from over 10.5 million US-based enterprise employees. The European report is based on data from over 1 million users. Industries covered include education, financial services, food and beverage, healthcare, high-tech, media, oil/gas, manufacturing, retail and utilities.
Of particular interest to European companies may be the security risk from BYO devices and risky cloud services. Data protection directives and privacy laws are much stricter in the EU. Employees are generally unaware of the security risks of cloud services, putting their employers at risk by bringing their own devices and personal clouds to work.
In the top 10 cloud business services used only SAP and ERP store data in Europe, the rest are outside EU jurisdiction. With businesses averaging uploads of 86.5 gigabytes to high-risk cloud services this quarter, security is an important consideration. High-risk services include anonymous use, lacking basic security features such as encryption, admin activity logging, and terms and conditions that put data at risk.
Just 9 percent of cloud services in use have enterprise-grade security. Seventy-two percent store data in the US, which could be in violation of data sovereignty standards in a given country. Only 21 percent of cloud applications in use support multi-factor authentication.
In Europe, the most used cloud services are collaboration, content sharing and file sharing. In each of those categories, only 5 of the cloud services are headquartered in Europe. Twenty-five of the providers are based in the US, Russia and China, countries in which privacy laws are much less stringent than Europe or non-existent.
US services that track employee behavior on the internet leave organizations open to watering hole attacks, according to the European report. High-tech companies have the greatest cloud risk, averaging 193 data exfiltration events and 41 malware incidents per quarter. Companies in this category tend to have more permissive policies regarding the use of cloud services which puts them at greater risk.
The study found that despite having some of the most stringent data protection requirements, financial services and healthcare companies have a higher number of high-risk activities than other industries. Financial services had an average of 23 malware incidents per quarter and healthcare had 29.
It may be of interest to service providers to educate companies on their use of cloud services to reduce risk. Service providers that provide a high level of security for their customers could use that as a strong point of distinction, making a play for new customers based on a level of service that reduces malware attacks and provides a stronger level of data protection.