Fewer than 10% of companies polled in the latest Cloud Security Alliance (CSA) survey are aware of their employees’ shadow IT activity.
The survey, created in conjunction with Skyhigh Networks, gave a definition of shadow IT as “technology spending and implementation that occurs outside the IT department, including cloud apps adopted by individual employees, teams, and business units.”
And the report, which polled executives and IT managers, found their biggest worry over shadow IT is security of corporate data in the cloud, with almost half (49%) of respondents citing it. Compliance violations (25%), the ability to enforce policies (19%) and redundant services creating inefficiency (8%) were also noted.
It’s certainly a worry for business executives – and particularly so given these worrying stats:
- File sharing and collaboration tools (80%) by far the most popular cloud services used, followed by communication tools (41%), social media (38%) and content sharing (27%)
- Dropbox (80%) is by far the most likely cloud service to be blocked, followed by Facebook (50%) and Apple iCloud (50%). Surprisingly, 18% of respondents say they block LinkedIn
- Security of data (73%) is the biggest concern for holding back cloud projects, with loss of control over IT services (38%) and concern over regulatory compliance (38%) again highly cited
Remarkably, half of companies still don’t have a policy in place on acceptable cloud usage. But is it apathy which is holding firms back? Yes and no: 27% of those polled admitted they didn’t have a plan but are looking to create one, while 23% were more apathetic.
However in terms of data breaches, 2014 was hardly a banner year according to the CSA. While more software vulnerabilities were uncovered last year than any other year on record, only 17% of companies polled said they’d experienced an insider threat in the past 12 months, such as an employee taking sensitive data with them after quitting. Yet around a third (31%) said they weren’t sure, which certainly raises alarm bells.
The report again sounds out issues facing organisations when moving data to the cloud. “Companies will need to enforce the same security, compliance, and governance policies that they do for data stored on premises,” the report argues.
“IT will also need to work more collaboratively with business users to understand the motivations behind shadow IT and enable the cloud services that drive employee productivity and growth in the business without sacrificing security,” it adds.
Back in 2013 the CSA coined the term ‘the notorious nine’ for security threats to cloud, with data breaches, data loss and account hijacking the top three fears. As we enter 2015, it seems not much has changed.