Research shows IT blocking applications based on popularity not risk

Tactic leads to less popular, but still risky cloud-based apps freely accessing networks

A new study, based on collective data taken from 3 million users across more than 100 companies, shows that cloud-based apps and services are being blocked based on popularity rather than risk.

A new study from Skyhigh Networks, a firm that focuses on cloud access security, shows that most of the cloud-based blocking within IT focuses on popular well-known apps, and not risk. The problem with this method of security is that often, cloud-based apps that offer little to no risk are prohibited on the network, while those that actually do pose risk are left alone, freely available to anyone who knows of them.

[Still going rogue in the cloud]

Moreover, the data collected from some 3 million users across 100 organizations shows that IT seriously underestimates the number of cloud-based apps and services running on their network. For example, on average there are about 545 cloud services in use by a given organization, yet if asked IT will cite a number that's only a fraction of that.

When it comes to the type of cloud-based apps and services blocked by IT, the primary focus seems to be on preventing productivity loss rather than risk, and frequently blocked access centers on name recognition. For example, Netflix is the number one blocked app overall, and services such as iCloud, Google Drive, Dropbox, SourceForge, WebEx,, StumbleUpon, and Skype, are commonly flagged too.

However, while those services do have some risk associated with them, they are also top brands depending on their vertical. Yet, while they're flagged and prohibited on many networks, services such as SendSpace, Codehaus, FileFactory, authorSTREAM, MovShare, and WeTransfer are unrestricted, but actually pose more than the other commonly blocked apps.

Digging deeper, the study shows that in the financial services sector, iCloud, and Google Drive are commonly blocked, yet SendSpace and CloudApp, which are direct alternatives, are rarely — if ever — filtered. In healthcare, Dropbox and Memeo (an up and coming file sharing service) are blocked, which is expected. Yet, once again, healthcare IT allows services such as WeTransfer, 4shared, and Hostingbulk on the network.

In the high tech sector, Skype, Google Drive, and Dropbox are commonly expunged from network traffic, yet RapidGator, ZippyShare, and SkyPath are fully available. In manufacturing, where WatchDox,, and Box are regularly blocked, CloudApp, SockShare, and RapidGator are fully used by employees seeking alternatives.

In a statement, Rajiv Gupta, founder and CEO at Skyhigh Networks, said that the report shows that "there are no consistent policies in place to manage the security, compliance, governance, and legal risks of cloud services."

Separately, in comments to CSO, Gupta agreed that one of the main causes for this large disconnect in content filtering is a lack of understanding when it comes to the risks behind most cloud-based apps and services (outside of the top brands), and that many commercial content filtering solutions simply do not cover the alternatives online, or as he put it, "they're not cloud aware."

This, if anything, proves that risk management can't be confined within a checkbox and a bland category within a firewall's content filtering rules.

"Cloud is very much the wild, wild west. Taming the cloud today largely is a whack-a-mole exercise...with your bare hands," Gupta told us.

The full report is available here. Registration is required.

Copyright © 2013 IDG Communications, Inc.

The 10 most powerful cybersecurity companies