IT professionals unaware of how many cloud apps are used in their company

Cloud services are being increasingly adopted, but when it comes to cloud usage in businesses, IT professionals don't actually have a very good handle on how widespread it is.

That's the finding of a new survey which shows a distinct gap between the number of cloud-based apps IT pros think are running in their organisation, compared to the numbers reported by cloud application vendors.

The Cloud Usage: Risks and Opportunities report from the Cloud Security Alliance (CSA) showed that worldwide, 54 per cent of IT and security professionals said they have 10 or less cloud-based apps running in their company. 87 per cent said they had 50 or less applications running in the cloud (with a weighted average of 23 apps per organisation, according to the CSA).

Compare that number to the amount reported by cloud vendors, who estimate that over 500 cloud apps are running in an enterprise, on average. A pretty massive disparity indeed.

Jim Reavis, CEO of the CSA, commented: "We found these results particularly interesting and at the same time concerning. It's hard to control what you can't see. If you are only seeing one tenth of your actual cloud usage, it's impossible to put cloud policies in place to protect users and data."

"This tells us that cloud app discovery tools, along with analytical tools on cloud app policy use and restrictions, are very important in the workplace, especially when it comes to sensitive data being used by cloud applications."

Related: 9 questions you should ask before putting your data in any cloud

On a more positive note, the survey (sponsored by Netskope and Okta) found that with cloud apps, the vast majority of firms had data protection and compliance policies in place – and nearly 80 per cent of policy enforcement pertained to cloud storage and backup.

Over 50 per cent of organisations also said they had a policy addressing BYOD, and 80 per cent of those said it was "at least somewhat followed".

JR Santos, Global Research Director of the CSA, said: "By consolidating and standardising the most secure and enterprise-ready cloud services, knowing what policies will have the most impact, and understanding where to focus when educating users, we can improve the protection of data and applications in the cloud."