Conference Coverage

RSA 2017: Special conference coverage

Reporting and analysis from IT events
News Stay informed about the latest enterprise technology news and product updates.

CSA: Custom applications creating new 'shadow cloud' risks

The Cloud Security Alliance unveiled new research at RSA Conference 2017 that shows custom enterprise applications are creating shadow cloud risks for organizations.

SAN FRANCISCO -- Commercial software-as-a-service applications aren't the only source of shadow cloud woes, according to new research from the Cloud Security Alliance.

CSA's report, titled "Custom Applications and IaaS Trends 2017," was unveiled Monday at RSA Conference 2017, and it shows enterprises deploying a growing number of custom applications and moving them to the public cloud, but IT security teams are only aware of a fraction of those apps. Custom software programs that are unknown to IT departments are considered shadow cloud applications.

The report was conducted in partnership with Skyhigh Networks, a cloud access security broker headquartered in Campbell, Calif., and surveyed more than 300 IT professionals directly involved in developing, deploying and securing custom enterprise applications. According to the report, the average organization has 464 custom enterprise applications deployed, but IT security departments are aware of just 38.4% of the applications.

The CSA report also showed more than 20% of custom enterprise applications currently deployed in on-premises data centers will move to the public cloud in the next 12 months. In addition, the number of custom apps deployed in the data center, which is currently at 60.9%, is expected to fall to 46.2% over the next year, as public cloud adoption increases, according to the report.

While much of the attention around shadow cloud services has previously been focused on commercial third-party apps and services, such as Google Docs, Office 365 and Dropbox, the report claimed, "There is now a sizeable number of 'shadow' applications developed internally that IT security is not aware of or involved in securing."

While IaaS providers offer secure platforms, we see the majority of cloud customers lack the tools and expertise to protect applications they develop and deploy in the public cloud.
Jim ReavisCEO, Cloud Security Alliance

Kamal Shah, senior vice president of products and marketing at Skyhigh, said custom application development is often done within specific departments. This contributes to the shadow cloud problem, he said, because it's a challenge for IT security teams to track each custom app and where it's being deployed. "You have lines of business doing things on their own and developing apps for a competitive advantage," he said. "Virtually every company is leveraging their own custom software today."

Shah also said cloud instances can be quickly created for development and testing environments for custom enterprise applications, which could lead to even more apps being developed and deployed in the cloud. "I think it's partially true that custom application development has been made easier with the public cloud," he said. "So, if anything, the number of custom applications is going to keep increasing."

"Companies need the scale and agility of cloud environments to stay competitive in the digital economy, but leaving the data center exposes applications to new threats and vectors of risk," said CSA CEO Jim Reavis in a statement. "While IaaS [infrastructure-as-a-service] providers offer secure platforms, we see the majority of cloud customers lack the tools and expertise to protect applications they develop and deploy in the public cloud."

Next Steps

Read why RSA Conference 2017 will focus on internet-of-things security

Find out which companies are nominated for RSA Conference's Innovation Sandbox

Learn more on how cloud access security brokers are deployed by enterprises

PRO+

Content

Find more PRO+ content and other member only offers, here.

Conference Coverage

RSA 2017: Special conference coverage

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

How does your company monitor and secure custom enterprise applications in the cloud?
Cancel

-ADS BY GOOGLE

SearchSecurity

SearchCloudComputing

SearchAWS

SearchCloudApplications

SearchServerVirtualization

SearchVMware

ComputerWeekly

Close