1 cloud report JAN 2014 Netskope Cloud Report In the second Netskope Cloud Report, we ve compiled the most interesting trends on cloud app adoption and usage based on aggregated, anonymized data from the Netskope Active Platform. What is particularly interesting is that cloud app adoption has spread across virtually every business function. What s shocking is that IT professionals underestimate the number of apps in use in their organizations by 90 percent. The number of apps per category is concerning to IT professionals on average, there are 35 HR and 18 Finance/Accounting apps in use per enterprise, where by their own estimates, they had assumed only one or two per department. And in an interesting twist, we found that of all the apps detected, Twitter has the highest usage in enterprises, beating out popular apps for Storage, Productivity, and other enterprise-oriented categories. Report findings are based on billions of cloud app events seen across hundreds of thousands of users and represent usage trends from October December Report Highlights Twitter is the most popular cloud app in the enterprise Enterprises use 10 times the number of cloud apps than IT thinks they do Enterprises use an average of 35 cloud HR and 18 Finance/ Accounting apps Three of the top 10 cloud apps are Storage, and enterprises use an average of 26 such apps
2 Twitter, a Consumer App, is #1 in Enterprise Usage What are the top apps used in the enterprise? According to usage seen in the Netskope Active Platform, Twitter tops the list. We define usage as number of distinct app sessions.1 While it may seem ironic that a consumer cloud app is number one on the list for enterprise usage, it s not surprising. Twitter has become increasingly relevant in business as marketers, salespeople, research and development professionals, and even executives find social media to be an impactful tool in promoting their organizations, consuming relevant news and content, and building their personal brand. While popular consumer apps Facebook and LinkedIn were also among the top used in the platform, those apps did not make the top 10 list. APP NAME CATEGORY APP NAME CATEGORY 1 Twitter Consumer 6 Help Desk 2 Dropbox Storage 7 Productivity 3 Google Drive Storage 8 Help Desk 4 Salesforce.com CRM / SFA 9 5 Box Storage/ Collaboration 10 Concur Finance/ Accounting HR
3 Reality vs. Perception: More Cloud Apps Than You Realize 40 50? Typical IT estimate cloud apps in use in enterprise 397 on average, discovered by Netskope 77% Overall, enterprises using the Netskope Active Platform have an average of 397 cloud apps running in their organizations. However, prior to using Netskope, they typically estimate they have apps. That s 10x. of those cloud apps are not enterprise-ready This lack of visibility has tremendous security and compliance consequences. For one thing, 77 percent of those cloud apps are not enterprise-ready, which means they re rated medium or below in the Netskope Cloud Confidence Index,2 an objective measure of cloud apps security, auditability, and business continuity that has been adapted from Cloud Security Alliance guidance. Even enterprise usage in such apps is high: 67 percent of sessions are in apps rated medium or below. Some of the functional distinctions separating top- and bottom-rated apps include audit logging, granular role-based policies, and separation of customers data in the cloud.
4 35 HR Apps per Enterprise Five most prevalent categories in Netskope Active Platform marketing HR storage CRM/SFA collaboration The five most prevalent categories in the Netskope Active Platform are: Marketing, HR, Storage, CRM/SFA and Collaboration. Perhaps the most striking of these is the number of cloud HR apps per enterprise: 35. While HR is a broad category, with specific apps for benefits, salary, performance, time-tracking, and more, the number still raises security and compliance questions. With that many apps, IT professionals are concerned about whether they have the appropriate controls in place to protect personally- identifiable information. Similarly, there are 18 Finance/Accounting apps per enterprise. While the category isn t in the top five, the number of apps is surprising given regulatory implications. For public companies who must comply with Sarbanes-Oxley, the high number raises the question about whether cloud financial systems and data are being accessed only by authorized individuals. While not every one of the HR or Finance/Accounting apps is subject to regulation, it s not always clear which ones are and whether they are properly controlled. For that, IT must monitor activity within the apps and understand what content is being accessed, edited, deleted, and shared, with whom it is shared, and so on. We also found the number of Storage apps per enterprise to be remarkably high at 26. Unlike HR or Finance/Accounting, which cover a broad set of functions, Storage apps are narrower in scope, and have redundant functionality with each other. Even organizations that have chosen to standardize on one Storage app like Dropbox or Google Drive have discovered a long tail of such apps that are unsanctioned but in use. Given the ease with which content can be synced across multiple devices and shared outside of an organization in these types of apps, this number was especially concerning to IT professionals.
5 What Are People Doing in Cloud Apps? The activities we track in the Netskope Active Platform are especially telling when juxtaposed against policy violations, activities concerning data classified as sensitive or confidential, and data leakage incidents.3 Most common activities in cloud apps Create Upload Share Activities such as upload, share, and download are among the most watched in the Netskope Active Platform because they can signal data leakage or compliance violations. For example, one biopharmaceutical company discovered the use of several big data cloud apps to analyze clinical trial data. Their goal is to prevent the upload of data sets that contain personal health information to such apps that don t meet their HIPAA-HITECH compliance standards. Similarly, a media company discovered users improperly sharing intellectual property with unauthorized third parties via cloud file sharing. Their goal is to limit the sharing of particular content with people and partners outside of the company and even with certain groups within the company. Whether motivated by compliance, loss of intellectual property, or loss of reputation, the concern is widespread. The Ponemon Institute recently reported that 90 percent of organizations admit to losing control of sensitive content in cloud file sharing apps. Delete Post Download View Edit 90% of organizations admit losing control of sensitive content in cloud file-sharing apps
6 What Are People Doing in Cloud Apps? (Continued) Today, the vast majority of policy violations result in an alert action,4 versus a block. We believe this is because the ability to block activities within cloud apps is relatively nascent in the market, and IT professionals are first getting their arms around what activities are being performed and in what context (e.g., sharing sensitive content with people outside of the company, improperly editing fields in Finance/Accounting apps, downloading proprietary content to mobile devices, etc.). As enterprises gain more insight into how their employees are using cloud apps and optimize their policies as a result, we expect policy violation figures to vary widely from period to period. We also expect to see an increase in the use of user coaching messages as a means of educating users about risky behaviors and creating transparency around what policies the enterprise is setting. Notes 1. A session is a distinct time period in which a user logs into an app, performs a series of activities, and then ceases to work in the app for a period of time. Existing usage metrics (e.g., HTTP sessions) are often inaccurate because users don t always log out following active usage. Netskope has developed a proprietary heuristic to measure a more accurate period of activity, which we define as a session. Usage is defined as number of discrete sessions. 2. The Netskope Cloud Confidence Index is a database of nearly 3,000 cloud apps that are evaluated on 30+ objective enterprise-readiness criteria adapted from Cloud Security Alliance guidance, including security, auditability, and business continuity. The results of the evaluation are normalized to a score and mapped to five levels from poor to excellent. 3. We define a policy violation as an activity against which a policy has been set in the Netskope Active Platform. 4. We define a policy action as the resulting action (such as alert, block, or bypass) the administrator instructs the Netskope Active Platform to take in real-time when the system detects a violation of a set policy.
Compliance in motion A closer look at the Corporate Sector Deloitte Risk Services March 2015 2 Contents Preface 5 Management summary 6 The compliance culture 7 Compliance priorities for the next five years
December 11, 2013 Dresner Advisory Services, LLC 2013 Edition Wisdom of Crowds Mobile Computing / Mobile Business Intelligence Market Study Licensed to MicroStrategy Disclaimer: This report should be used
BEST PRACTICES WHITE PAPER A path to improving the end-user experience By David Williams, Vice President of Strategy, Office of the CTO, BMC Software TABLE OF CONTENTS EXECUTIVE SUMMARY...............................................
C o m m i t t e e o f S p o n s o r i n g O r g a n i z a t i o n s o f t h e T r e a d w a y C o m m i s s i o n G o v e r n a n c e a n d I n t e r n a l C o n t r o l C O S O I N T H E C Y B E R A G
Research Paper Finding the Right Balance Between Personalization and Privacy Contents The Consumer Digital Footprint... 1 The footprint components and why they re important to personalization...1 Digital
Exploring Strategic Risk 300 executives around the world say their view of strategic risk is changing Contents 3 Executive summary 5 Strategic risk emerges as a key focus for businesses around the world
FIREWALL CLEANUP WHITE PAPER Firewall Cleanup Recommendations Considerations for Improved Firewall Efficiency, Better Security, and Reduced Policy Complexity Table of Contents Executive Summary... 3 The
a report by harvard business review analytic services The New Conversation: Taking Social Media from Talk to Action Sponsored by Conventional marketing wisdom long held that a dissatisfied customer tells
CLOUD COMPUTING: IS YOUR COMPANY WEIGHING BOTH BENEFITS & RISKS? Toby Merrill CLOUD COMPUTING: IS YOUR COMPANY WEIGHING BOTH BENEFITS & RISKS? Toby Merrill Toby Merrill, Thomas Kang April 2014 Cloud computing
Thought Leadership Paper Cloud Computing in the Hedge Fund Industry About Eze Castle Integration Eze Castle Integration is the leading provider of IT solutions and private cloud services to more than 600
Privacy and Tracking in a Post-Cookie World A whitepaper defining stakeholder guiding principles and evaluating approaches for alternative models of state management, data transparency and privacy controls
Work.com Implementation Guide Salesforce, Summer 15 @salesforcedocs Last updated: June 20, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,
A REPORT BY HARVARD BUSINESS REVIEW ANALYTIC SERVICES Meeting the Cyber Risk Challenge Sponsored by ABOUT ZURICH INSURANCE GROUP Zurich Insurance Group (Zurich) is a leading multi-line insurance provider
The Critical Security Controls for Effective Cyber Defense Version 5.0 1 Introduction... 3 CSC 1: Inventory of Authorized and Unauthorized Devices... 8 CSC 2: Inventory of Authorized and Unauthorized Software...
10 Things Your Next Firewall Must Do Introduction Without question, your network is more complex than ever before. Your employees are accessing any application they want, using work or personal devices.
Google Apps as an Alternative to Microsoft Office in a Multinational Company The GAPS Project Thesis presented in order to obtain the Bachelor s degree HES by: Luc BOURQUIN Supervisor: Thierry CEILLIER,
Introduction.... 1 Emerging Trends and Technologies... 3 The Changing Landscape... 4 The Impact of New Technologies... 8 Cloud... 9 Mobile... 10 Social Media... 13 Big Data... 16 Technology Challenges...
BOOST IT VISIBILITY AND BUSINESS VALUE WITH SERVICE CATALOG Boost IT Visibility and Business Value with Service Catalog Today, CIOs are being asked to cut costs, increase productivity, and find new ways
Firewall Strategies June 2003 (Updated May 2009) 1 Table of Content Executive Summary...4 Brief survey of firewall concepts...4 What is the problem?...4 What is a firewall?...4 What skills are necessary
Hacker Intelligence Initiative Man in the Cloud (MITC) Attacks 1. Executive Summary In this report, we demonstrate a new type of attack we call Man in the Cloud (MITC). These MITC attacks rely on common
Communications Toolkit Part 1 of 3 This online download includes toolkit copy without the FAQ and Sample sections. Principles & Practices for Nonprofit Excellence in Colorado second edition TABLE OF CONTENTS
Practice guide evaluating ethics-related PrograMs and activities JuNe 2012 Table of Contents Executive Summary... 1 Introduction... 2 D e fini tions... 2 Responsibilities for Ethical Climate... 3 Considerations
A Websense White Paper ADVANCED PERSISTENT THREATS AND OTHER ADVANCED ATTACKS: THREAT ANALYSIS AND DEFENSE STRATEGIES FOR SMB, MID-SIZE, AND ENTERPRISE ORGANIZATIONS REV 2 ADVANCED PERSISTENT THREATS AND
10 must-haves for secure enterprise mobility White Paper The 10 musthaves for secure enterprise mobility A security framework and evaluators checklist 2 Becoming a mobile enterprise means new opportunities
April 2013 Operational Intelligence: What It Is and Why You Need It Now Sponsored by Splunk Contents Introduction 1 What Is Operational Intelligence? 1 Trends Driving the Need for Operational Intelligence
TRANSFERS Transferring electronically stored information (ESI) creates many challenges, many of which center around the collection and review of information relevant to the matters transitioning into or
White Paper Application Visibility and Monitoring > An integrated approach to application delivery Application performance drives business performance Every business today depends on secure, reliable information