News

Cloud-Based Apps Usage High in Enterprises

A Cloud Security Alliance survey shows discrepancy between vendors and IT pros when asked about the number of cloud-based apps installed in the workplace.

The results of a new survey of IT and security professionals released last week by the Cloud Security Alliance (CSA) indicates that there are likely more cloud-based applications running in your environment than you might think.

Estimates commonly reported by vendors and industry analysts claim that, on average, enterprises are running more than 500 cloud apps per organization, the CSA report's authors wrote in the report, "Cloud Usage: Risks and Opportunities Report," outlined at the CSA's Congress conference, held in San Jose, Calif. last week. Those estimates are striking when compared to what respondents reported: More than half of respondents believe their organizations are running 10 or fewer cloud-based apps, while nearly 90 percent believe they have fewer than 50.

That chasm of a discrepancy is evidence of a lack of visibility in many organizations that fairly cries out for cloud-app discovery tools and analytical tools on cloud-app policy use and restrictions, said Jim Reavis, CEO of the CSA.

"We found these results particularly interesting and at the same time concerning," Reavis said in a statement. "It's hard to control what you can't see. If you are only seeing one tenth of your actual cloud usage, it's impossible to put cloud policies in place to protect users and data."

The good news is that most of the survey respondents reported having policies and procedures in place to protect data and ensure compliance for the cloud apps they are aware of. And they reported that these policies were "well-enforced." Among the best protected of these apps, nearly 80 percent of the policy enforcement is in cloud storage and cloud backup, the respondents said, which the report's authors saw as evidence of "serious concerns about data leakage and protection." Very few respondents (close to 4 percent) reported experiencing a data breach involving their cloud apps in the past year.

The CSA is a not-for-profit organization led by a coalition of "industry practitioners, corporations, associations and other key stakeholders" and has become influential in recent years. Its stated mission is to promote the use of cloud security best practices. The group also promotes and provides education on this subject. The organization sponsors a number of initiatives and working groups, including the Big Data Working Group, an initiative for creating and identifying best practices for security and privacy in big data; the Cloud Governance Working Group, which seeks to understand the demands of governing and operating data in the cloud; and the Cloud Controls Matrix initiative, which developed a security controls framework for cloud providers and consumers, among others.

In addition to raising awareness around cloud service risk, the CSA report aims to provide usage intelligence that could help organizations make better decisions on everything from consolidating and standardizing on the most secure and enterprise-ready cloud services to knowing what policies will have the most impact, the authors said.

The survey was sponsored by two companies that have staked out territory in this evolving landscape: cloud-app analytics and policy-enforcement provider Netskope and identity management services vendor Okta. CSA Research Director Luciano Santos and Senior Research Analyst John Yeoh conducted the survey and authored the report.

The new report is available now for download from the CSA Web site.

About the Author

John K. Waters is the editor in chief of a number of Converge360.com sites, with a focus on high-end development, AI and future tech. He's been writing about cutting-edge technologies and culture of Silicon Valley for more than two decades, and he's written more than a dozen books. He also co-scripted the documentary film Silicon Valley: A 100 Year Renaissance, which aired on PBS.  He can be reached at [email protected].


comments powered by Disqus

Featured

  • Death of the Dev Machine?

    Here's a takeaway from this week's Ignite 2020 event: An advanced Azure cloud portends the death of the traditional, high-powered dev machine packed with computing, memory and storage components.

  • COVID-19 Is Ignite 2020's Elephant in the Room: 'Frankly, It Sucks'

    As in all things of our new reality, there was no escaping the drastic changes in routine caused by the COVID-19 pandemic during Microsoft's big Ignite 2020 developer/IT pro conference, this week shifted to an online-only event after drawing tens of thousands of in-person attendees in years past.

  • Visual Studio 2019 v16.8 Preview Update Adds Codespaces

    To coincide with the Microsoft Ignite 2020 IT pro/developer event, the Visual Studio dev team shipped a new update, Visual Studio 2019 v16.8 Preview 3.1, with the main attraction being support for cloud-hosted Codespaces, now in a limited beta.

  • Speed Lines Graphic

    New for Blazor: Azure Static Web Apps Support

    With Blazor taking the .NET web development world by storm, one of the first announcements during Microsoft's Ignite 2020 developer/IT event was its new support in Azure Static Web Apps.

  • Entity Framework Core 5 RC1 Is Feature Complete, Ready for Production

    The first release candidate for Entity Framework 5 -- Microsoft's object-database mapper for .NET -- has shipped with a go live license, ready for production.

Upcoming Events