While IT managers estimate running an average of 23 cloud-based apps, vendors and analysts observe more than 500 cloud apps, on average, per enterprise.
A recent survey of IT and security professionals by the Cloud Security Alliance (CSA) found a significant difference between the number of cloud-based applications IT and security professionals believe to be running in their environments and the number reported by cloud application vendors.
The discrepancy is evidence of a lack of visibility in many organizations that cries out for cloud-app discovery tools and analytical tools on cloud-app policy use and restrictions, said Jim Reavis, CEO of the CSA.
"We found these results particularly interesting and at the same time concerning," Reavis said in a statement. "It's hard to control what you can't see. If you are only seeing one tenth of your actual cloud usage, it's impossible to put cloud policies in place to protect users and data."
The survey, which included responses from IT and security professionals from around the globe representing a variety of industry verticals and enterprise sizes, including government, education and health and financial services.
More than half of respondents believe their organizations are running 10 or fewer cloud-based apps, while nearly 90 percent believe they have fewer than 50. But those numbers don't add up next to estimates commonly reported by vendors and industry analysts, which claim that on average, enterprises are running more than 500 cloud apps per organization, the CSA report's authors wrote in the report, Cloud Usage: Risks and Opportunities Report.
The good news is that most of the survey respondents reported having policies and procedures in place to protect data and ensure compliance for the cloud apps they are aware of. And they reported that these policies were "well-enforced." Among the best protected of these apps, nearly 80 percent of the policy enforcement is in cloud storage and cloud backup, the respondents said, which the report's authors saw as evidence of "serious concerns about data leakage and protection." Very few respondents (close to 4 percent) reported experiencing a data breach involving their cloud apps in the past year.
In addition to raising awareness around cloud service risk, the CSA report aims to provide usage intelligence that could help organizations make better decisions on everything from consolidating and standardizing on the most secure and enterprise-ready cloud services to knowing what policies will have the most impact, the authors said.
The survey was sponsored by two companies that have staked out territory in this evolving landscape: cloud-app analytics and policy-enforcement provider Netskope and identity management services vendor Okta.
The new report is available now for download from the CSA website.
NEXT STORY: Not all clouds created equal