Skyhigh Networks, a firm that aims to help companies monitor their use of cloud services, has found that the average European enterprise uses 588 cloud services, many of them posing security threats and legal compliance issues to the business.  

The European Cloud Adoption and Risk Report, based on data from 40 companies spanning financial services, oil and gas, manufacturing, retail and utilities, found that only 194 of the 2,501 cloud services in use provide enterprise-grade security capabilities.

The risk of each cloud service is based on Skyhigh CloudTrust, which assigns a 1-to-10 risk rating based on more than 30 attributes across data risk, user risk, device risk, service risk, business risk and legal risk. Anything rated between seven and 10 is considered high risk.

Following recent data breaches, Yahoo Mail received a rating of seven, as did notetaking and archiving cloud service Evernote. 

From a data privacy and data residency perspective, only one percent of the cloud services in use across the companies surveyed offered enterprise-grade security capabilities, while also storing data in Europe’s jurisdictional boundaries.

Twenty-five of the top 30 cloud services in the collaboration, content sharing, and file sharing categories were based in countries where the privacy laws are less stringent compared to Europe, such as the United States, Russia and China.

Out of the ten most popular business cloud services used by enterprises in the UK, SAP ERP (enterprise resource planning) was the only one to store data within Europe’s jurisdictional boundaries.

Meanwhile, much of the cloud adoption within European organisations occurs under the radar of the CIOs, according to Skyhigh Networks. 

Skyhigh Networks CEO Rajiv Gupta said: “Too many employees are still unaware of the risks associated with some cloud services, and could even be jeopardising the overall security position of their organisation.

“Of the services that we analysed, 72 percent stored data in the US – which could have legal and compliance implications for certain organisations in Europe.”

He added that IT needs to develop greater understanding of the cloud services in use and the risk they present, and play a leadership role in educating users and guiding the organisation to securely embrace the cloud.

According to Gupta, one CIO working for an undisclosed financial services company thought staff at his company were using 46 cloud services across the enterprise but a two-day analysis with SkyHigh Discover revealed that there were in fact 960 cloud services in use.

Charlie Howe, EMEA director of Skyhigh Networks, said: “The discrepancy between the perceived and actual number and risks of services in use at each organisation is worrying to say the least.”

“CIOs need to get a better grip on this if they are to avoid the huge reputational and financial repercussions of poor data security.”