Are you aware of your employees’ shadow IT activity? CSA cloud study shows most aren’t

Picture credit: "Texting Congress 1", by "Adam Fagen", used under CC BY / Modified from original

Fewer than 10% of companies polled in the latest Cloud Security Alliance (CSA) survey are aware of their employees’ shadow IT activity.

The survey, created in conjunction with Skyhigh Networks, gave a definition of shadow IT as “technology spending and implementation that occurs outside the IT department, including cloud apps adopted by individual employees, teams, and business units.”

And the report, which polled executives and IT managers, found their biggest worry over shadow IT is security of corporate data in the cloud, with almost half (49%) of respondents citing it. Compliance violations (25%), the ability to enforce policies (19%) and redundant services creating inefficiency (8%) were also noted.

It’s certainly a concern for business executives, particularly given these statistics:

  • File sharing and collaboration tools (80%) are by far the most popular cloud services used, followed by communication tools (41%), social media (38%) and content sharing (27%)
  • Dropbox (80%) is by far the most likely cloud service to be blocked, followed by Facebook (50%) and Apple iCloud (50%). Surprisingly, 18% of respondents say they block LinkedIn
  • Security of data (73%) is the biggest concern holding back cloud projects, with loss of control over IT services (38%) and concern over regulatory compliance (38%) again highly cited

Remarkably, half of companies still don’t have a policy in place on acceptable cloud usage. But is it apathy which is holding firms back? Yes and no: 27% of those polled admitted they didn’t have a plan but are looking to create one, while 23% were more apathetic.

However, in terms of data breaches, 2014 was hardly a banner year according to the CSA. While more software vulnerabilities were uncovered last year than in any other year on record, only 17% of companies polled said they’d experienced an insider threat in the past 12 months, such as an employee taking sensitive data with them after quitting. Yet around a third (31%) said they weren’t sure, which certainly raises alarm bells.

The report again sounds out issues facing organisations when moving data to the cloud. “Companies will need to enforce the same security, compliance, and governance policies that they do for data stored on premises,” the report argues.

“IT will also need to work more collaboratively with business users to understand the motivations behind shadow IT and enable the cloud services that drive employee productivity and growth in the business without sacrificing security,” it adds.

Back in 2013 the CSA coined the term ‘the notorious nine’ for security threats to cloud, with data breaches, data loss and account hijacking the top three fears. As we enter 2015, it seems not much has changed.


LarryM
25 Feb 2015, 11:37 p.m.

Umm, how about the State of North Carolina. IT just "grew" here. Every department has its own server and registers its own domain names. There's no consistency; some departments are .org, some are nc.state.us, and some are .gov. The webpage design is not consistent across sites.

Disorganized, just like everything else in state government here.
