Skip to main content

European cloud report shows businesses still well adrift on data protection standards

Skyhigh Networks has released the latest quarterly instalment of its European Cloud Adoption and Risk Report.

The report pulls real world usage data from 1.6 million European cloud users, and it found that the number of cloud services in use by the average company went up 23 per cent, from 588 in the first quarter to 724 in the third quarter.

However, there are distinct security concerns with these services, as Skyhigh's Cloud Trust Program – which ranks cloud services according to risk levels – found that only 9.5 per cent of all these solutions met the "most stringent security requirements" (which involved data encryption and strong password policies).

And there's more fretting to be done regarding the EU Data Protection Directive, as the report determined that 74 per cent of cloud services used by European firms do not meet the directive's current privacy regulations. And of course, the EU is set to bring in stricter policies on data protection – with massive potential fines – soon.

The simple truth is that much cloud usage falls in the realm of Shadow IT, meaning that employees are using cloud services without the IT department's knowledge or permission. 76 per cent of IT pros did not know the extent of the proliferation of Shadow IT at their company, and Skyhigh found that the block rates on certain services were out of line with IT staff's expectations. For example, 44 per cent of IT pros intended to block YouTube off from staff members, but only 1 per cent of businesses actually blocked Google's video site fully.

Related: Shadow IT: The struggle to protect corporate information in the face of growing data fragmentation

Rajiv Gupta, CEO of Skyhigh Networks, observed: "The gap between perception and reality uncovered by this study is worrying, as so much corporate data is being uploaded to cloud services that IT teams believe they have blocked."

"It only takes one misstep to cause a serious security or compliance threat to an organisation. As such, mechanisms should be in place not only to discover which cloud services are being used, but also to analyse the risk profile of these services and understand the true implications for enterprise data security."

The report also highlighted the single most careless cloud user in Europe, who uploaded over 17.5GB of data to 71 high risk cloud services over the quarter. That's around a quarter of a gig per working day – pretty impressive going for one employee, and it underlines the threat even a single staff member can represent to sensitive data.

Read more: Fact: What we think of cloud security is not strictly reality