Cloud services are not enterprise grade

Skyhigh Networks report shows cloud services are increasingly unsafe
Skyhigh Networks report shows cloud services are increasingly unsafe

The quarterly Skyhigh Networks Cloud Adoption and Risk Report is now out and it shows a significant increase in the number of file services used by enterprises and the risks that they face.

The report is 24 pages long and covers a multitude of bad practices and problems with cloud adoption. The last portion of the report covers the usage trends for cloud showing the average number of cloud services detected across Skyhigh Networks customer base. This quarter it hit 1,154 up 6% over the previous quarter.

Nigel Hawthorn, EMEA Marketing Director, Skyhigh Networks
Nigel Hawthorn, EMEA Marketing Director, Skyhigh Networks

We asked Nigel Hawthorn, EMEA Marketing Director, Skyhigh Networks if these were all unique services or if 50 users with Dropbox accounts would account for 50 of the 1,154 services counted. According to Hawthorn: “This is absolutely the number of unique separate users. If there were 50 people using Dropbox we would only count it as a single service. To gather this information we use data anonymised from users around the world.”

The services are broken down into two groups consumer and enterprise. 841 (72.9%) are described as enterprise services while 313 (27.1%) are listed as consumer services. Hawthorn explained the difference saying: “The difference between consumer and enterprise is more to do with how they are marketing their services. We look at who they are aiming their marketing at and whether their licences are designed for the enterprise or just primarily the consumer market.

“This is not a technical comparison around additional security. One of the problems here is that you could argue that some of those services should be seen as enterprise rather than consumer given their usage.” Hawthorn’s comment is interesting because it shows how confused the cloud market is in terms of its customer base, the licence terms for software and how to protect user data.

The Skyhigh Networks CloudTrust Program

Skyhigh Networks has its own Skyhigh Networks CloudTrust Program that it uses to rate the security of cloud services. When rating a cloud service Skyhigh Networks groups its research into five different areas:

  1. Data attributes
  2. User and device attributes
  3. Service attributes
  4. Business attributes
  5. Legal attributes

There are a range of other complex criteria that Skyhigh Networks has not made public. What it has said is that the security criteria were developed in conjunction with the Cloud Security Alliance (CSA) and are regularly checked by their own Skyhigh Service Intelligence team. This means that a cloud service can improve its rating as it increases its security or other attributes. Similarly, if it has a breach it can move down in the ratings.

This use of a complex rating system is important. It allows customers to decide if they trust a vendor. Skyhigh Networks does publish a list of vendors who have passed their tests on their website but it is not a complete list and contains just 94 companies. Anyone who wants the complete list will need to talk to Skyhigh Networks.

<next: The vast majority of cloud services are insecure>

Cloud services are not enterprise grade was last modified: by

Post Comment