Unknown clouds in the government enterprise

In order for government to secure all the cloud services it offers and meet security requirements, it first needs to know how many cloud services are actually coming into the organization.

The average public sector organization uses 721 cloud services, which is 10 times more than IT departments expect. That’s according to Skyhigh Networks’ Cloud Adoption & Risk in Government Report that looked at what cloud services are most prevalent in government organizations and the risks associated with such services.

That difference comes from what’s sometimes called the consumerization of IT or, more nefariously, shadow IT, where employees bring consumer-grade productivity services into the enterprise.

The top categories of enterprise cloud services are used for collaboration (like Microsoft Office 365, Gmail, etc.), file-sharing (Box, Dropbox, Google Drive, etc.), development (GitHub, SourceForge, etc.) and social media (like Facebook, LinkedIn, etc.).

The top enterprise cloud software used by the public sector includes:

  • Microsoft Office 365
  • Yammer
  • Salesforce
  • Oracle Taleo
  • OneDrive
  • Concur
  • Cisco WebEx
  • Jive
  • SharePoint Online
  • GoToMeeting

Top consumer cloud apps in the government enterprise are:

  • Facebook
  • Twitter
  • Instagram
  • YouTube
  • Dropbox
  • Firedrive
  • LinkedIn
  • Pinterest
  • Tumblr
  • Hotmail

These consumer apps, which may have legitimate uses for recruiting or marketing, open the enterprise to attackers who can use the apps as a vector for extracting data, the report said.

As a result of the growing use of cloud services, agencies increased their spending on cloud security over the past year even as cloud service providers expanded their security capabilities, the report said.

About 1,459 cloud services (17 percent) offer multi-factor authentication, compared with 705 services last year, and 1,082 (11 percent) encrypt data at rest, compared with 470 services last year.

While agencies are taking measures to block access to non-secure services via a firewall or proxy, the report found a cloud enforcement gap between how effectively agencies think they are blocking these services and how effectively they actually are.

For example, Dropbox’s enforcement gap is 64 percent – IT managers think their block rate is 80 percent, when in fact it is only 16 percent. Dropbox’s enforcement gap is closely followed by Instagram (45 percent), and Apple iCloud (42 percent).

A version of this article was originally published on FCW, a sister site to GCN.
