“This survey demonstrated that 2013 will be a tipping point in cloud adoption. With enterprises rapidly turning to cloud apps, the inherent risks in practices like using unsanctioned apps or sharing passwords on sticky notes need to be addressed, and quickly,” said Thomas Pedersen, chief executive officer of OneLogin.
Designed to collect the views of IT and business people regarding the pace of cloud application adoption and usage, the survey revealed that with access to these applications taking place from a variety of locations including smartphones (80%), tablets (71%) and non-company computers (80%) and with a large percentage of organizations (73%) needing to grant temporary access to cloud apps, respondents cited concerns around identity management, governance and complexity.
Among the issues found in the survey:
Shadow IT - 71% of respondents admit to using cloud applications that have not yet been sanctioned by their IT department (like Dropbox and Gmail) to get work done.
Unsafe password management - 43% of respondents admit that employees manage passwords in spreadsheets or on sticky notes and 34% share passwords with their co-workers for applications like FedEx, Twitter, Staples and LinkedIn. 20% experienced an employee still being able to login after leaving the company.
Single sign-on challenges - 48% of respondents are still not able to sign in to cloud applications with a single set of credentials.
Need to provision external users - 72% of the respondents have the need to provide external users (i.e. consultants) with temporary access to the company’s cloud applications.
Complex directory infrastructures - 59% of respondents had multiple on-premise directories with Active Directory being cited as the most used directory (40%), followed by LDAP (17%) for managing user identities and application access.
Different security model for cloud application access - 34% of respondents claimed that their security model for cloud applications was different than for on-premise applications vs. 45% claiming it’s the same.
"It is no secret that cloud apps need solutions added to improve their security; yet to see 20% of app users admit a breach by ex-employees is still a surprisingly high result,” said Davi Ottenheimer, president of flyingpenguin. “The real story behind the 80% already using cloud apps already is that 70% admit apps came without company approval. In 2013, organizations will need solutions flexible enough to support the 60% with more than four apps already in use, and scalable enough to keep up with the 35% who plan to add at least four new apps this year."
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.