Unknown clouds in the government enterprise

In order for government to secure all the cloud services it offers and meet security requirements, it first needs to know how many cloud services are actually coming into the organization.

The average public sector organization uses 721 cloud services, which is 10 times more than IT departments expect. That’s according to Skyhigh Networks’ Cloud Adoption & Risk in Government Report that looked at what cloud services are most prevalent in government organizations and the risks associated with such services.

That difference comes from what’s sometimes called the consumerization of IT or, more nefariously, shadow IT, where employees bring consumer-grade productivity services into the enterprise.

The top categories of enterprise cloud services are used for collaboration (like Microsoft Office 365, Gmail, etc.), file-sharing (Box, Dropbox, Google Drive, etc.), development (GitHub, SourceForge, etc.) and social media (like Facebook, LinkedIn, etc.).

The top enterprise cloud software used by the public sector includes:

  • Microsoft Office 365
  • Yammer
  • Salesforce
  • Oracle Taleo
  • OneDrive
  • Concur
  • Cisco WebEx
  • Jive
  • SharePoint Online
  • GoToMeeting

Top consumer cloud apps in the government enterprise are:

  • Facebook
  • Twitter
  • Instagram
  • YouTube
  • Dropbox
  • Firedrive
  • LinkedIn
  • Pinterest
  • Tumblr
  • Hotmail

These consumer apps, which may have legitimate uses for recruiting or marketing, open the enterprise to attackers who can use the apps as a vector for extracting data, the report said.

As a result of the growing use of cloud services, agencies increased their spending on cloud security over the past year even as cloud service providers expanded their security capabilities, the report said.

About 1,459 cloud services (17 percent) offer multi-factor authentication, compared with 705 services last year, and 1,082 (11 percent) encrypt data at rest, compared with 470 services last year.

While agencies are taking measures to block access to non-secure services via a firewall or proxy, the report found a cloud enforcement gap between how effectively agencies believe they are blocking these services and how effectively they actually are.

For example, Dropbox’s enforcement gap is 64 percent – IT managers think their block rate is 80 percent, when in fact it is only 16 percent. Dropbox’s enforcement gap is closely followed by Instagram (45 percent), and Apple iCloud (42 percent).

A version of this article was originally published on FCW, a sister site to GCN.
