Companies continue to struggle in identifying precise applications and services used by its employees, without prior validation from IT. The conclusion emerges from the study “Cloud adoption: practices and priorities”, conducted by the Cloud Security Alliance (CSA) on over 200 CIO and responsible for security in the world.
Based on the survey of more than 200 CIOs and CISOs around the world, this study highlights a first implacable figure – nearly 72% of those surveyed admit to not know the number of applications and IT services used without their consent generating the phenomenon called “Shadow IT”. This concerns both the individual employees on individual initiative than entire divisions, with the backing of managers. Only 8% said they knew the number of applications relevant revenue via Shadow It, while 20% does not care in the least.
File sharing applications and collaboration, such as Google Docs, Dropbox, or Office 365, topped the list of requests (80%), followed by communication tools (41%) and social networks (38%). Still, only 16% of respondents have a policy of full implementation of cloud uses, against 26% for a “partially implemented policy”, and 8% for a “not implemented at all” policy. More than a quarter of respondents recognize not even have clear policy on the matter but work there. And, 23% of surveyed decision makers have no strategy or plan to develop one.
Companies have matured and are now seeking to establish policies and processes for employees to take advantage of cloud services that support the growth of activity, but without compromising security, regulatory compliance, and governance of corporate data.
CSA believes that in 2015 the management of identity and access can still earn interest and can deliver a key component in the cloud. CSA advises IT departments to monitor outgoing network traffic from the corporate network more closely. Traffic going in this direction has traditionally been treated more leniently than incoming traffic, but this may be a method to discover that Shadow It is in use now.
The staff that do not communicate over the corporate internet connection, but instead communicate over cellular networks, the use of shadow-it again be completely blacked out. Then it only remains for the IT department to talk to people and inform about the company’s policy in this area. In other words, for businesses, there is no question of ignoring the Shadow IT or measure, but to take control measure. There are so many applications and cloud services available that companies cannot effectively block all or prohibit.
The survey further said that as companies move data to the cloud, they are looking to put in place policies and processes so that employees can take advantage of cloud services that drive business growth without compromising the security, compliance, and governance of corporate data. CSA hope that this report provides companies with some good peer insight so that they can make better decisions to help confidently and responsibly accelerate the use of cloud services in their environment.
CSA Report: Shadow IT is a Threat to Cloud Adoption