European businesses are vulnerable to cloud security risks as only 1% of the cloud services in use offer enterprise-grade security and store organisations’ data in Europe’s jurisdictional boundaries.
That means 99% of cloud services store data in countries where data privacy laws are less stringent or don’t have enterprise-grade security capabilities, or both, revealed a study.
European enterprises use an average of 588 cloud services, according to the study's European cloud adoption and risk report. But despite such prolific use of cloud computing, only 9% of the cloud services provide enterprise-grade security capabilities, while the remaining 91% pose security risks.
When it comes to data privacy and data residency, the risk is even higher, as 99% of cloud services either store data in countries such as the US, Russia and China, where data privacy laws are less stringent, or don’t have enterprise-grade security features.
The study revealed that 25 of the top 30 cloud services in the collaboration, content sharing and file-sharing categories were based in countries outside Europe. Despite the buzz around data privacy, as much as 72% of cloud services used in Europe store data in the US.
This also leads to legal and compliance implications for certain organisations. The report further found that only 5% of cloud services in Europe are ISO 27001 certified, posing additional compliance issues for those organisations unaware that their employees are using uncertified services.
More on cloud security
- Security Think Tank: Balancing cloud risk and reward
- The problem with regional clouds
- With risks revealed, information privacy in the cloud grabs attention
- A risk equation unravels the cloud security paradox
- To avoid cloud risk concerns, seek specific answers from providers
Shadow IT presents cloud risk
One reason for such high risk from cloud services is because of the uncontrolled proliferation of shadow IT. Shadow IT is hardware or software in an enterprise that is not supported or approved by the organisation’s central IT department.
Much of the cloud adoption in European organisations occurs under the radar of the CIO or CISO, leading to a situation where shadow IT is widespread, according to Skyhigh Networks, the cloud company that commissioned the report.
The ease with which employees can now consume cloud applications means there is often little consideration for the security implications or impact on wider business policies. When CIOs examine the use of cloud services across the organisation, they find shadow IT is 10 times more prevalent than they initially assumed, the report stated.
“Cloud services certainly enable agile, flexible and efficient businesses, and employees should be encouraged to use them," said Rajiv Gupta, chief executive of Skyhigh Networks. “But many employees are still unaware of the risks associated with some cloud services, and could even be jeopardising the overall security position of their organisation.”
Businesses need to get smarter about the cloud and IT needs to develop a greater understanding of cloud’s risk, said Gupta.