Cloud Security Alliance New Survey Finds Companies are in the Dark on Shadow IT Usage

By   ISBuzz Team
Writer , Information Security Buzz | Jan 12, 2015 05:03 pm PST

It’s hard to see your shadow in the dark. That’s what the findings from a new Cloud Security Alliance (CSA) survey, titled Cloud Adoption, Practices and Priorities Survey Report, indicated when it surveyed executives and IT managers. Nearly 72 percent admitted that they did not know the number of shadow IT apps within their organization, but they certainly want to. The survey also highlighted that decisions concerning the security of data in the cloud has shifted from the IT room to the boardroom, with 61 percent of companies indicating that executives are now involved in such decisions.

Free eBook: Modern Retail Security Risk – Get your copy now.

“As companies move data to the cloud, they are looking to put in place policies and processes so that employees can take advantage of cloud services that drive business growth without compromising the security, compliance, and governance of corporate data,” said Jim Reavis, CEO of the CSA. “We hope that this report provides companies with some good peer insight so that they can make better decisions to help confidently and responsibly accelerate the use of cloud services in their environment.”

The Cloud Adoption, Practices and Priorities Survey Report includes responses from more than 200 IT and security professionals varying in company size and industries from the Americas, EMEA and APAC regions. Sponsored by Skyhigh Networks, the Cloud Visibility and Enablement Company, the survey aims to uncover how companies are currently approaching the cloud, including views on Shadow IT, obstacles preventing cloud adoption, and security priorities. In conducting the survey, the CSA also aimed to gain better knowledge of how IT teams are balancing the need to partner with business users to enable them with SaaS apps while also enforcing corporate security, compliance, and governance policies. Lastly the survey also sought to understand perception versus reality by contrasting access policies for popular cloud services with actual data on block rates across networking infrastructure.

While security of data remains a top barrier to cloud adoption, organizations are still moving forward in adopting cloud services, with 74 percent of respondents indicating they are either moving full steam ahead, or with caution, in the adoption of cloud services. Respondents from APAC indicated the highest level of adoption plans. However, 34 percent of respondents indicated that a lack of knowledge and experience on the part of IT and business managers was a main reason for slow or lack of adoption.

When it comes to policies and procedures for managing cloud adoption, large enterprises have the most in place. Companies with more than 5,000 employees are more likely to have a cloud governance committee (35 percent versus 12 percent), have a policy on acceptable cloud usage (61 percent versus 45 percent), and have a security awareness training program (26 percent versus 20 percent) compared to companies with fewer than 5,000 employees.

However, large enterprises are more hesitant when it comes to investing heavily in cloud services, with only 36 percent of them spending more than 20 percent of the IT budget on cloud services, compared with 49 percent of companies with fewer than 5,000 employees.

In general, business users regularly demand cloud services, with 57 percent of respondents indicating they receive between one and 10 new cloud service requests each month. And while 62 percent of respondents indicated that they do not block cloud services, the top services block by regions include cloud storage providers and social networking sites.

“The past few years have marked a paradigm shift in IT’s role, from provider to enabler,” said Rajiv Gupta, CEO of Skyhigh Networks. “This survey, the largest of its kind, illustrates that companies are aware of the consumerization of IT but have room to more proactively address the security concerns of cloud adoption.”

To access the report, visit

Cloud Security Alliance Congresses continue to be the industry’s premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering best practices and practical solutions for remaining secure in the cloud, CSA Congresses give attendees exposure to industry-specific case studies that will help them learn and leverage best practices used by their peers in moving to a secure cloud.

About the Cloud Security Alliance

cloud security allianceThe Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at, and follow us on Twitter @cloudsa.