Shadow IT: data protection and cloud security

1 Summary

Shadow IT is a term describing users or whole lines of business who go outside of their organization’s IT group to meet their IT needs. A disconnect often exists between what IT users feel they need and what the IT services group is prepared to deliver. Shadow IT’s destination is often the cloud, where a company credit card can access all kinds of IT as a service, including cloud-based file-sync-and-share, laptop data protection, CRM, project management, or back-office software.

Shadow IT may seem like an easy solution for an organization, because users and lines of business meet their needs and IT has one less problem. But in reality, both stakeholders can end up with less than they wanted and in the process, they put the organization’s important data assets at risk by compromising data security. Consumerization of IT can often come back to haunt enterprise IT.

Instead of divesting itself of responsibility, IT organizations should get in front of shadow IT and prevent its spread. When IT takes control of an organization’s cloud usage it provides better cloud utilization, which in turn allows cloud compute and storage to reach its full potential. At the same time, IT keeps the organization’s data better protected and more secure.

This report reviews data from three surveys that Gigaom Research conducted between September 2013 and June 2014. It will help IT organizations understand the extent of shadow IT and avoid its pitfalls.

Key findings include:

  • 83 percent of organizations have adopted the cloud for some function, but few are using the cloud to deploy complex enterprise applications.
  • Security (62 percent), application performance (44 percent) and time required to develop related skills (41 percent) top list of cloud concerns.
  • More than half of enterprises have at least 10 public cloud instances in production.
  • 81 percent of line-of-business employees admitted to using unauthorized SaaS applications with 38 percent deliberately using unsanctioned apps because of the IT-approval process.
  • 70 percent of unauthorized access to data is committed by an organization’s own employees.

 

Thumbnail image courtesy: Digital Vision/Thinkstock

Tags