Few cloud services have basic security capabilities, says vendor study

Cloud service providers talk a lot about their security and are beefing it up. But a new report shows that progress is painfully slow, with most not adopting best practices.

The number of cloud services that support multifactor authentication doubled in 2014, says the latest quarterly study by Skyhigh Networks, which sells security solutions to cloud providers. But that accounted for only 17 per cent of the 10,000 cloud services tracked in the fourth quarter of 2014.

Eleven per cent of all services studied in the quarter (1,802) encrypt data at rest, a significant increase from 470 in the same period in 2013. Still, despite the large number of data breaches reported last year, that means not even half of cloud providers encrypted data by the end of the year.

Similarly, only five per cent of cloud providers studied held ISO 27001 information security management certification. That was up greatly from Q4 2013.

More significantly, the report concluded that over 89 per cent of the cloud services studied lack basic security capabilities required by enterprises.

Asked in an interview why encryption adoption is so slow, Kamal Shah, Skyhigh’s vice-president of products and marketing, admitted that “a lot of people don’t think it’s a priority.” The biggest challenge with encryption is the application has to be smart enough to decrypt the data, he added. It has to deal with search and sorting when data is encrypted. The technology is only now “coming to the forefront,” he said.

The conclusions came from examining anonymized logs of Skyhigh customers, which include 350 enterprises and 15 million users. The full report is here.

The average company used 897 cloud services in Q4, up from 626 in the same period in 2013. Development services such as GitHub, SourceForge, etc. experienced the largest rate of growth at 97 per cent. The second fastest-growing category was collaboration (like Microsoft Office 365, Gmail), which grew 53 per cent over 2013.

Thirty-seven per cent of employees upload sensitive data to file sharing services, the report also said, and 22 per cent of all files uploaded to file sharing services contained sensitive data. Beyond file sharing, four per cent of fields in other critical business applications such as CRM contain sensitive personally identifiable information or health information data subject to regulatory compliance.

The vast majority of companies studied have users with at least one stolen login credential and the average company had 12 per cent of users affected. Assuming 31 per cent of passwords are reused across Web sites and applications, stolen login credentials “pose significant risk to corporate data,” the report concluded.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
