A Netskope survey of RSA Conference attendees shows that even the most security-savvy IT professionals aren't aware of their companies' cloud apps policies.
Cloud has pretty much hit the mainstream at this point, but it looks as though corporate policies around the use of cloud applications are still a little ambiguous—or non-existent. And even when there are policies in place, it doesn't mean senior management is doing a good job of communicating them, even to the IT security folks who really should know them.
A survey conducted by Netskope at RSA Conference in San Francisco this week found that 60 percent of the IT security attendees are either unaware of their companies' cloud apps policies or are certain they don't exist.
Those aren't exactly numbers to be proud of, but on the plus side, more than two-thirds of those surveyed said they would consider their companies' privacy policies before downloading an app. That still means there's a third of IT security people who wouldn't consider such policies before clicking on "download," so clearly there's still some work to do.
Based on Netskope's research, the average enterprise is using 397 cloud apps, which is up to 10 times as many as IT has within its purview. That is a lot of rogue cloud applications being used within the enterprise; and of course, it's almost guaranteed most of them are touching corporate data at some point.
"It's not surprising to see that although cloud app usage has caught on in the enterprise, the majority of companies are behind on establishing clear policies and guidelines, and as a result employees are in the dark about the implications of their app usage," said Sanjay Beri, founder and CEO of Netskope, in a prepared statement. "With the amazing benefits that cloud apps bring, enterprises also shoulder significant risks that can no longer be ignored. We expect to see cloud app analytics and policy implementation become a top priority in the coming months as businesses look to optimize their usage of cloud apps with an eye on both agility and security."
Let's hope so. Not only should such policies significantly reduce the risks organizations are facing with so much shadow IT going on, but it also means a lucrative opportunity for the channel partners who are helping customers deal with this security crisis.