Business Cloud News
Less than one in ten cloud services used in enterprises lack enterprise-grade security, a Skighhigh Networks survey reveals

Less than one in ten cloud services used in enterprises lack enterprise-grade security, a Skyhigh Networks survey reveals

More than 90 per cent of cloud services currently used by European enterprises fail to implement enterprise-grade security parameters according to research published Thursday. Rajiv Gupta, chief executive officer of Skyhigh Networks, the firm that commissioned the study, said the results suggest enterprises need to develop more robust cloud management strategies in order to mitigate the high levels of risk they are clearly taking on.

The survey includes data from over one million users spread across a range of companies in oil & gas, financial services, high tech, manufacturing education and retail; it suggests only five per cent of the cloud services on offer in Europe provide enterprise-grade security, such as ISO 27001 certification or an equivalent. Just 12 per cent encrypt data at rest.

Additionally, most European businesses don’t seem to be interested in blocking these cloud services, with just four per cent of those surveyed saying their organisations block low and medium-risk apps, and nine per cent blocking higher-risk apps like cloud storage and collaboration software.

“Cloud services certainly enable agile, flexible, and efficient businesses, and employees should be encouraged to use services that best suit their working style and enhance their productivity,” said Rajiv Gupta, chief executive officer of Skyhigh Networks.  “However, it is evident from this study that too many employees are still unaware of the risks associated with some cloud services, and could even be jeopardising the overall security position of their organisation.”

“The bottom line is that businesses need to get smarter about cloud, and IT needs to develop greater understanding of the cloud services in use and the risk they present, and play a leadership role in educating users and guiding the organisation to securely embrace the cloud,” Gupta concluded.

The research also suggests that despite all of the NSA / GCHQ-related snooping revelations brought to light over the past year, European enterprises are still flocking to US-based services, and using services based in countries like China and Russia – where data protection rules are far less stringent.

Since the revelations some European service providers have attempted to exploit adherence to data privacy as a key selling point. Some – like Deutsche Telekom – have gone as far as completely avoiding US servers for their telecommunications and cloud services, a move the Office of the United States Trade Representative criticised as “draconian” in a recently published report.

But companies like Deutsche Telekom seem to be among a vocal minority in Europe. Just one per cent of the 2,105 cloud services surveyed in use both offer enterprise-grade security capabilities and store data in Europe’s jurisdictional boundaries, with the remaining 99 per cent either storing data in countries where data privacy laws are less stringent or don’t have enterprise-grade security capabilities.

25 of the top 30 cloud services in the collaboration, content sharing, and file sharing categories were based in the US, China and Russia. Overall, 72 per cent of the cloud applications in use by European enterprises store data in the US.

“Europe is facing something of a crossroads with regard to cloud adoption and security,” said Charlie Howe, EMEA director of Skyhigh Networks.

“The discrepancy between the perceived and actual number and risks of services in use at each organisation is worrying to say the least. CIOs need to get a better grip on this if they are to avoid the huge reputational and financial repercussions of poor data security,” he said.

“CIOs now have the tools and services that will enable them to empower employees to use the cloud services that grow the business, while ensuring compliance with internal and external data privacy, security, and governance policies,” he added.

  • Christian Ball April 11, 2014 at 1:00 am

    Wow, that’s not good, hopefully cloud providers begin to up their security features!

  • Jacob Townstead April 16, 2014 at 10:16 pm

    You are absolutely right when you say “enterprises need to develop more robust cloud management strategies in order to mitigate the high levels of risk they are clearly taking on.” However, this is also much easier said than it is done.
    Most cloud providers that claim they offer cloud “enterprise” solution do not have the manageability or price scale-ability to be an effective enterprise solution. Therefore, when a solution is finally setup, it doesn’t go beyond the consumer-grade solution the provider was originally designed for (take Dropbox and Box for example).
    Rather, businesses should be devoting their energy to finding a cloud provider that offers true enterprise solutions.

  • Post a comment

    Threaded commenting powered by interconnect/it code.