BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
SAN FRANCISCO -- Enterprises are using hundreds of cloud services and applications, yet only a small fraction of that number is approved by IT departments.
"On a quarterly basis, we publish a report, the SkyHigh Cloud Adoption and Risk Report. And this is actual usage data across 17 million employees and across over 400 enterprises," said Kamal Shah, vice president of products and marketing at SkyHigh Networks, Inc. "And what we found is on average an organization is using 953 cloud services."
The problem, according to Shah, is that less than 1% of those services have been authorized by the enterprises' IT departments.
In this interview, recorded at the RSA Conference 2015, Shah describes the scope of shadow cloud, or the usage of cloud apps and services not approved by IT, in the enterprise. For example, Shah said that according to SkyHigh's most recent report, shadow cloud usage is typically 10 to 20 times larger than what enterprises estimate. So how do enterprises get control of the problem?
"It's no longer about saying 'No' to the employees," Shah said. "They're using cloud services for the right reasons -- to increase productivity and to help them get their jobs done faster."
Instead of outright banning shadow cloud apps and services, SkyHigh provides secure enablement of those offerings as a cloud access security broker. The company's cloud security platform creates policy-based enforcement points and controls around popular public cloud services, such as Salesforce, Office 365, Dropbox and others.
Shah goes on to explain what types of shadow cloud apps and services are most popular in the enterprise, such as file sharing and collaboration, and why. He also discusses how many of the consumer-focused cloud application vendors like Dropbox are adding more enterprise-focused security measures, such as encryption and multifactor authentication.