Advertisment

Nine out of ten Cloud services are putting European businesses at risk

author-image
Soma Tah
New Update

CUPERTINO, USA: Skyhigh Networks' European ‘Cloud Adoption and Risk Report' reveals that only 9 percent of the cloud services in use provide enterprise-grade security capabilities, while the remaining 91 percent (more than nine out of ten) pose medium to high security risks to organisations.

Advertisment

From a data privacy and data residency perspective, only one percent of the cloud services in use both offer enterprise-grade security capabilities and store data in Europe's jurisdictional boundaries, and the remaining 99 percent, either store data in countries where data privacy laws are less stringent or don't have enterprise-grade security capabilities, or both.

Shadow IT Can Be Risky Business

Much of the cloud adoption within European organisations occurs under the radar of the CIO or CISO - leading to a situation where Shadow IT is widespread and uncontrolled. The ease with which employees can now consume cloud applications means that there is often little consideration for the security implications or impact on wider business policies. When CIOs examine the use of cloud services across the organisation, they generally find Shadow IT is 10 times more prevalent than they initially assumed.

Advertisment

Key findings from the report include:

  • Only 5 percent of cloud services in Europe are ISO 27001 certified, posing compliance issues for those organisations unaware that their employees are using uncertified services.
  • 25 of the top 30 cloud services in the collaboration, content sharing, and file sharing categories were based in countries (United States, Russia, China) where the privacy laws are far less stringent compared to Europe.
Advertisment
  • 49 different services in use are tracking the browsing behaviour of employees on the Internet. This exposes organisations to the increasingly prevalent watering hole attack.

"Cloud services certainly enable agile, flexible, and efficient businesses, and employees should be encouraged to use services that best suit their working style and enhance their productivity," said Rajiv Gupta, CEO Skyhigh Networks.

"However, it is evident from this study that too many employees are still unaware of the risks associated with some cloud services, and could even be jeopardising the overall security position of their organisation."

"Of the services that we analysed, 72 percent stored data in the US - which could have legal and compliance implications for certain organisations in Europe. The bottom line is that businesses need to get smarter about the cloud. IT needs to develop a greater understanding of the cloud services in use and the risk they present, and play a leadership role in educating users and guiding the organisation to securely embrace the cloud."

tech-news smac