Add as a preferred source on Google


Bekker's Blog by Scott Bekker, Editor in Chief

Blog archive

Report: Buyer Beware on Cloud Service Security

When it comes to the baseline security of all those cloud services companies are using for every conceivable business function, there's good news and bad news in Skyhigh Networks' latest quarterly Cloud Adoption and Risk Report.

Campbell, Calif.-based Skyhigh helps enterprise customers manage their use of cloud services with appropriate levels of security, compliance and governance. Over the last year, Skyhigh has been releasing a quarterly report based on analysis of the usage patterns of millions of employees at hundreds of enterprise companies. Skyhigh released its Q4 2014 report on Wednesday (available here, but registration required).

The good news is that more than twice as many cloud service providers (CSPs) encrypted customer data at rest in the fourth quarter of 2014 compared to the fourth quarter of 2013, Skyhigh found. Skyhigh defines CSPs as the companies providing the cloud services employees are using to do their work.

"They're investing more in security," said Kamal Shah, vice president of products and marketing at Skyhigh, in an interview. "That was encouraging to see."

In raw numbers, that means 1,082 CSPs encrypted data at rest in Q4 2014, compared with 470 taking that step in the same period of 2013.

But given the massive number of cloud services in use in enterprise organizations, the services encrypting data at rest are barely in double-digit percentage territory. "Roughly 11 percent of these cloud providers now encrypt data at rest. The risks are still great because you still have 89 percent of cloud service providers who don't encrypt data at rest," Shah said.

A parallel trend is in play for multi-factor authentication -- 1,459 services used in the last quarter of 2014 compared against 705 in Q4 2013.

Use of cloud services is on an upward tear, according to Skyhigh's analysis, with the average employee using 27 of them and the average company using 897.

Shah doesn't think organizations can afford to clamp down on usage too much. "The services are faster, cheaper, better and help them get their jobs done quicker," he said. It's just a clear case of buyer beware. "As enterprises are using cloud file sharing services, it's important that they're choosing ones that are using security."

Posted by Scott Bekker on February 11, 2015


Featured

  • Microsoft Dismantles RedVDS Cybercrime Marketplace Linked to $40M in Phishing Fraud

    In a coordinated action spanning the United States and the United Kingdom, Microsoft’s Digital Crimes Unit (DCU) and international law enforcement collaborators have taken down RedVDS, a subscription based cybercrime platform tied to an estimated $40 million in fraud losses in the U.S. since March 2025.

  • Sound Wave Illustration

    CrowdStrike's Acquisition of SGNL Aims to Strengthen Identity Security

    CrowdStrike signs definitive agreement to purchase SGNL, an identity security specialist, in a deal valued at about $740 million.

  • Microsoft Acquires Osmos, Automating Data Engineering inside Fabric

    In a strategic move to reduce time-consuming manual data preparation, Microsoft has acquired Seattle-based startup Osmos, specializing in agentic AI for data engineering.

  • Linux Foundation Unites Major Tech Firms to Launch Agentic AI Foundation

    The Linux Foundation today announced the creation of a new collaborative initiative — the Agentic AI Foundation (AAIF) — bringing together major AI and cloud players such as Microsoft, OpenAI, Anthropic and other major tech companies.

Most   Popular