Unknown clouds in the government enterprise

Unknown clouds in the government enterprise

In order for government to secure all the cloud services it offers and meet security requirements, it first needs to know how many cloud services are actually coming into the organization.

The average public sector organization uses 721 cloud services, which is 10 times more than IT departments expect. That’s according to Skyhigh Networks’ Cloud Adoption & Risk in Government Report that looked at what cloud services are most prevalent in government organizations and the risks associated with such services.

That difference comes from what’s sometimes called the consumerization of IT or, more nefariously, shadow IT, where employees bring consumer-grade productivity services into the enterprise.

The top categories of enterprise cloud services are used for collaboration (like Microsoft Office 365, Gmail, etc.), file-sharing (Box, Dropbox, Google Drive, etc.), development (GitHub, SourceForge, etc.) and social media (like Facebook, LinkedIn, etc.).

The top enterprise cloud software used by the public sector includes:

  • Microsoft Office 365
  • Yammer
  • Salesforce
  • Oracle Taleo
  • OneDrive
  • Concur
  • Cisco WebEx
  • Jive
  • Sharepoint Online
  • GoToMeeting

Top consumer cloud apps in the government enterprise are:

  • Facebook
  • Twitter
  • Instagram
  • YouTube
  • Dropbox
  • Firedrive
  • LinkedIn
  • Pinterest
  • Tumblr
  • Hotmail

These consumer apps, which may have legitimate uses for recruiting or marketing, open the enterprise to attackers who can use the apps as a vector for extracting data, the report said.

As a result of the growing use of cloud service, agencies increased their spending on cloud security over the past year even as cloud service providers expanded their security capabilities, the report said.

About 1,459 cloud services (17 percent) offer multi-factor authentication, compared with 705 services last year, and 1,082 (11 percent) encrypt data at rest, compared with 470 services last year.

While agencies are taking measures to block access to non-secure services via a firewall or proxy, the report found that there is a cloud enforcement gap for how effectively agencies are blocking these services.

For example, Dropbox’s enforcement gap is 64 percent – IT managers think their block rate is 80 percent, when in fact it is only 16 percent. Dropbox’s enforcement gap is closely followed by Instagram (45 percent), and Apple iCloud (42 percent).

A version of this article was originally published on FCW, a sister site to GCN.

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected