Netskope Report Reveals 75 Percent of Cloud Apps Not Ready for EU General Data Protection Regulation

Quarterly report on enterprise cloud app usage also sees percentage of enterprises with sanctioned cloud apps laced with malware nearly triple

Netskope, the leading cloud access security broker, today announced the release of the June 2016 Netskope Cloud Report™ on enterprise cloud app usage and trends. According to the report, in the first quarter of 2016, employees used, on average, 935 cloud apps in a given organization, a slight increase from the previous report. The report focuses on cloud app readiness for the European Union General Data Protection Regulation (GDPR) and found that three-quarters of apps lack key capabilities to ensure compliance. In addition, the report found that 11 percent of enterprises have sanctioned apps laced with malware, a nearly threefold increase from the prior report.

With full GDPR implementation less than two years away, many enterprise cloud apps have a significant amount of catching up to do before the deadline. Seventy-five percent of the more than 22,000 apps tracked in the report fail to comply with the regulation’s data privacy mandate, which include requirements for core security features, like deleting personal data in a timely manner, and for data portability. Failure to comply will impose significant penalties on enterprises: $22 million or up to four percent of annual worldwide revenue, whichever total is greater.

“The shift to the cloud presents an increasing complexity and volume of security challenges for enterprises, including regulations like the EU GDPR,” said Sanjay Beri, CEO and founder of Netskope. “With the deadline for compliance looming, complete visibility into and real-time control over app usage and activity in a centralized, consistent way that works across all apps is paramount for organizations to understand how they use and protect their customers’ personal data.”

Netskope created a unique methodology to determine GDPR compliance scores. A series of factors, including data retention, privacy and protection, were used to score apps on a scale of 1-100, with a higher score indicating GDPR compliance readiness. Among the more than 22,000 apps analyzed in the report, 27.8 percent scored “low” when it comes to GDPR readiness, 47.6 percent scored “medium” and only 24.6 percent scored “high.”

Other Significant Report Findings

Percentage of Enterprises with Malware-Laced Sanctioned Cloud Apps Nearly Triples

For the second consecutive quarter, the report examined the percentage of enterprises that have sanctioned apps containing malware. This figure has nearly tripled from the previous cloud report, increasing from 4.1 percent to 11.0 percent. This shift indicates that cloud apps are a growing and particularly vulnerable threat vector for enterprises.

The majority of malware detected were JavaScript exploits and droppers (63.3 percent), which are increasingly used to deliver ransomware that encrypts users’ files or entire systems. The remainder consisted of Microsoft Office macros (21.3 percent), backdoors (4.9 percent), mobile malware (4.3 percent), and spy- and adware, Mac malware, and other malware at 3.2 percent, 2.7 percent, and less than 1 percent, respectively. Nearly three quarters (73.5 percent) of these detections were categorized as “severe.” More than a quarter (26.0 percent) of malware was detected in files that had been shared with others, demonstrating the ease of propagation and risk of malware in the cloud.

Microsoft Maintains Lead in Enterprise App Usage

Microsoft continues to dominate the enterprise cloud productivity and storage app markets, claiming seven of the top 20 apps used by Netskope customers. Microsoft Office 365’s Outlook.com (web mail) and OneDrive (cloud storage) apps come in at numbers two and three, respectively, after Facebook, which claims the top spot. OneDrive for Business outranks Google Drive and Apple iCloud Cloud Storage apps, showing Microsoft remains the go-to for enterprise apps.

Cloud Storage Apps Continue to Lead in Cloud Data Loss Prevention (DLP) Violations

Cloud storage apps continue to dominate cloud DLP violations, accounting for 73.6 percent of all violations, followed by web mail at 22.1 percent. Downloads account for the majority of DLP violations (over 50 percent), followed by upload and send. While protected health information (PHI) was the most common cloud DLP violation last fall, the June 2016 report saw personally identifiable information (PII) take the lead at 44.0 percent.

Breakdown of Cloud Apps By Industry

The report found that of the average 935 cloud apps in use per enterprise, a two percent increase from the previous quarter. The vast majority, 94.6 percent, of these apps are not enterprise-ready and lack key functionalities such as security, audit and certification, service-level agreement, legal, privacy, financial viability, and vulnerability remediation. Within specific verticals, financial services companies had the highest number of cloud apps in use, averaging 1,046 per business. This was followed by manufacturing, which had 1,021 cloud apps in use per business.

Average Cloud Apps per Enterprise by App Category

Apps in the marketing and collaboration categories had the highest number of cloud apps per enterprise. While more marketing apps are in use, collaboration apps are proving to be more ready for enterprise security standards: 90 percent are not enterprise-ready while 97 percent of marketing apps are not enterprise-ready.  In addition to the marketing category, the large majority of productivity, human resources and finance/account apps are not enterprise-ready.

Netskope Resources

• Download the Netskope Cloud Report for more detailed analysis and to see the full list of the most widely used enterprise cloud apps
• Attend the Netskope presentation with Toyota at Gartner Security & Risk Management Summit in National Harbor, MD on June 15
• Learn about how to gain visibility into enterprise cloud apps and how to ensure they are secure and compliant
• Visit the Netskope Hub for the latest commentary and insight on trends from the Netskope team

About the Netskope Cloud Report

Based on aggregated, anonymized data from the Netskope Active Platform, which provides discovery, surgical visibility and control over any cloud app, the report’s findings are based on millions of users in hundreds of accounts in the global Netskope Active Platform from January 1 through March 31, 2016.

About Netskope

Netskope™, the leading cloud access security broker (CASB), helps enterprises find, understand and secure sanctioned and unsanctioned cloud apps. Through contextual awareness and a multi-mode architecture, Netskope sees the cloud differently. This results in the deepest visibility and control, the most advanced threat protection and data loss prevention and an unmatched breadth of security policies and workflows. The world’s largest companies choose Netskope, the only CASB that ensures compliant use of cloud apps in real time, whether accessed on the corporate network, remotely or from a mobile device. With Netskope, enterprises move fast, with confidence. To learn more, visit our website.