Marketers use the most cloud apps in an organization, yet 98 percent of their apps are not “enterprise-ready” and put data at risk, according to a new report on app usage trends by cloud security company Netskope.
The “Netskope Cloud Report’’ findings indicate increased use of cloud-based analytics tools to produce more sophisticated marketing campaigns and give credence to Gartner’s projection that CMOs will have more IT budget than CIOs by 2017, said Jamie Barnett, vice president of marketing at Netskope. “Marketing loves cloud apps and to collaborate and share,’’ she told CMO.com. “They need the data, ... integration, speed, and agility that cloud apps provide.”
The quarterly report examined usage trends (defined as the number of discrete sessions), the most active apps, and policy violations–what users are doing that either security or IT personnel consider an unsanctioned activity. Netskope scored the cloud apps based on its Cloud Confidence Index, which was adapted from the Cloud Security Alliance and looks at security, auditability, and business continuity capabilities, Barnett said.
“For IT, this is an interesting time because more budget is increasingly being spent outside of their control,’’ Barnett said, but they still have to protect data, enforce policies, and monitor compliance.
Enterprises are continuing to adopt cloud apps at a rapid pace, with an average of 508 apps per organization in the second quarter of 2014, up from 461 in the previous quarter, according to the report. Marketing departments, specifically, have seen an increase of 14 apps per enterprise since Q1, for an average total of 61 in use during Q2.
But the majority (88.4 percent) of those 500-plus apps are deemed not enterprise-ready, which means they scored a “medium” or “below“ on the Cloud Confidence Index. The problem, of course, is that many marketing apps–nearly all of which are not considered enterprise-ready by Netscope–contain customer data.
“It’s important for organizations to treat that customer data with care; they want to make sure the customer data in their cloud apps are not being inappropriately accessed by unauthorized users and not being shared outside of company,’’ Barnett said. Many of the apps considered not enterprise-ready lack features such as audit logging, to give IT visibility into who is downloading customer data to a mobile device, for example, or whether a terminated employee still has access to corporate data, she added.
Other factors examined included whether the app enables the auditing of a user, administrator, and data access activities; offers security features, such as support for multifactor authentication, encryption of data at rest, and separation of tenant data in the cloud; and has a well-defined business continuity plan in the event of a technology outage or natural disaster.
“Marketing also cares very much about this information because if they’re the cause of a data breach or has data stolen, that has a tremendous impact on a company’s perception,” Barnett said.
“The main thrust of report ... was the really widespread activity of sharing,’’ she added. “We hear a lot about uploading and downloading information, but something that is really striking is the sheer number of apps that share.”
These include cloud storage apps–one of top categories used by marketing professionals–she said, such as Google Drive, Dropbox, and Box. Other cloud-based apps with a high level of sharing in marketing departments “aren’t apps you’d think about,” such as Evernote, Salesforce, Trello, and Zoho. Often such apps are used to share content with unauthorized users, she said.
There are three shares for every upload in cloud storage and sharing in almost every cloud app category, according to the report.
“When we talk to our customers, this notion of sharing is really one of the biggest hot-button issues because ... when people share there’s no visibility [for IT and security personnel],” Barnett said.
Marketing, however, is not a top category for policy violations, she added, “so IT has not necessarily gone in and set a number of policies for marketing.”
Activities with the highest number of policy violations included login, download, edit, view, and create.
The Netskope report findings are based “on millions of users and tens of thousands of cloud app events,” such as an activity a user performs in the cloud, according to Barnett. The report focused on midsize to large organizations with 1,000 or more employees at U.S.-based businesses.