Survey: “Shadow IT” Becoming a Top-Level Problem

A new report from the Cloud Security Alliance indicates that many IT execs are in the dark about the unauthorized use of cloud apps—a practice that puts corporate data at risk.

It’s an issue that more than 90 percent of companies admit to being in the dark about.

And one that, like cloud computing itself, is growing every day.

The “Cloud Adoption, Practices and Priorities Survey Report,” a new report from the Cloud Security Alliance, finds that just 8 percent of more than 200 IT and security professionals surveyed worldwide know the number of unauthorized apps currently being used within their companies—a phenomenon often called “shadow IT.” Another 72 percent don’t know, but want to.

The issue is significant, especially considering that nearly half of all respondents (49 percent) cited security concerns as a worry. Another 25 percent noted that potential compliance violations were also raised by the use of unauthorized apps, followed by enforcement challenges (19 percent) and the rise of redundant services (8 percent).

Other highlights from the survey:

In general, the cloud embraced. While IT professionals have understandably shown some hesitation about cloud computing, some of that hesitation is starting to fade. The study found that 33 percent of respondents were “full steam ahead” on using cloud services, while 41 percent were “moving with caution.” One fascinating data point: The U.S., traditionally the first adopter of various business technologies, is actually moving slower on embracing the cloud than European and Asian markets are.

What’s likely to be banned. If you have a Dropbox account at the office, consider yourself lucky. The report notes that 80 percent of professionals surveyed said that they blocked the cloud service, making it by far the service most likely to be blocked in a corporate environment. Facebook and Apple’s iCloud are tied at a distant second, scoring 50 percent each. But the study notes that companies that block such services may be doing so at their own peril—especially considering that most of these companies aren’t aware of shadow IT’s reach within their own company. “Since IT is more likely to block well-known cloud services that tend to have more mature security controls, employees can be forced to find lesser-known but potentially even riskier services to use in their place,” the study states.

Policy talk. Currently, just half of all companies surveyed said that they currently have a policy on acceptable cloud use, and the companies that do have such policies tend not to heavily enforce them. Just 16 percent of companies said they had a cloud policy that was fully enforced, while another 26 percent said they had one that was partly enforced. But the situation may improve: 27 percent of companies say that although they don’t currently have a cloud policy, they have plans to create one.

The alliance said that its goal with the study, sponsored by Skyhigh Networks, was to offer some perspective on cloud compliance issues in the corporate world at large.

“As companies move data to the cloud, they are looking to put in place policies and processes so that employees can take advantage of cloud services that drive business growth without compromising the security, compliance, and governance of corporate data,” CSA CEO Jim Reavis said in a statement. “We hope that this report provides companies with some good peer insight so that they can make better decisions to help confidently and responsibly accelerate the use of cloud services in their environment.”

Those interested in learning more can download the full study results at the CSA website.


Ernie Smith

By Ernie Smith

Ernie Smith is a former senior editor for Associations Now. MORE

Got an article tip for us? Contact us and let us know!