A new study conducted by Gigaom Research and CipherCloud shows just how prevalent shadow IT and the shadow cloud have become within the business setting. It also shows just how worried IT departments are about the risks involved.
Cloud adoption and software-as-a-service applications (SaaS) have skyrocketed over the past year or so, and as the study’s executive summary pointed out, the use of shadow IT may seem like a good idea. Employees have already blurred the lines between work and personal computing, and the use of personal clouds is just one less hassle for the IT department.
Except, of course, that it isn’t. It creates a lot more headaches for IT and security. For instance, here are two significant findings from the study:
Seventy percent of unauthorized access to data is committed by an organization’s own employees.
Security (62 percent), application performance (44 percent) and time required to develop related skills (41 percent) top the list of cloud concerns.
In addition, the study found that 38 percent of employees are purposely working around the IT department to use cloud and SaaS applications to avoid the approval process, while 81 percent have admitted that they have used unauthorized applications at some time, but those incidents may have been a one-time deal, or accidental, or done without realizing permission was needed. Much more troublesome is that high number of employees who disregard IT rules to go rogue. That just makes the job of securing the network and data that much more difficult. Look again at that statistic of how much unauthorized access is insider access. Shadow IT is very much a factor of not only that statistic, but also of the increasing risks involving insider threats.
But the Gigaom Research and CipherCloud study shows something else: IT needs to do a better job at cloud security. In fact, as a Computerworld article pointed out, IT is just as guilty when it comes to using unauthorized SaaS applications and personal clouds. If they are breaking the rules and adding to the security risk, it isn’t surprising that the rest of the employee base is, as well. So that raises the question: Who is in charge of cloud-related security?
Shadow IT isn’t new, but as we watch the changing scope of how employees are accessing networks and applications and the significant rise in the use of cloud and SaaS platforms, shadow IT is going to be an even bigger security concern. As the study shows, the time to get a handle on this is now, before disaster strikes.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba