65% of IT professionals feel Shadow IT is compromising cloud security

Graham Cluley

February 14, 2017

65% of IT professionals feel Shadow IT is compromising cloud security

Has your company embraced the cloud?

I admit it, I’ve also felt uncomfortable about the willingness with which some computer users trust their company’s data to what is – after all – just someone else’s computer.  I might even have been the one to have dreamt up that particular “joke/not joke” in the first place.

But that doesn’t mean I believe that storing and processing data “in the cloud” can’t have some big benefits to organisations – particularly those with the need to easily share information with colleagues and authorised partners, or those without the IT infrastructure or budget to run or build a solution in-house. 

Done right, the “cloud” can be a real asset.  But if it is brought into your company in a careless fashion, it could potentially expose your company to a whole host of new risks.

A new survey of over 2000 senior IT professionals has revealed that if the general public’s confidence in cloud-based services is increasing, it comes at a potential price.

For instance, the very fact that regular users find it easy to setup cloud services can be seen as a threat.

The worry is that more and more workers are seeing themselves a “Shadow IT” staff, getting things done for themselves when they feel that the legitimate IT helpdesk team put obstacles in their way.

In short, the survey claims, almost 40% of all cloud services are being commissioned without the involvement of the IT department.

As a result, 65% of IT professionals “believe that this phenomenon is interfering with their ability to keep the cloud safe and secure.”

And that’s a big problem when you consider that 74% of organisations asre said to store some or all of their sensitive data in the public cloud.

It’s not just the companies who are at risk, however.  It’s their customers too.  Because the survey found that the most likely type of data being stored in public clouds is personal customer information – stored there by 62% of those surveyed.

No-one wants to get in the way of progress, or to be immovable obstacles for those in the workforce who are simply trying to find a way to do their job as effectively as possible.

What’s needed is a more unified approach, where the IT department will be seen as a partner for those in the company considering setting up their own cloud systems rather than a hurdle that needs to be avoided.

If you can increase your visibility about what is going on inside your company, and where “Shadow IT” teams might be considering setting up their own systems without the knowledge of the legitimate helpdesk, then you can hopefully avoid mistakes being made, and ensure that a solution that works for both parties can be put in place.

None of us want to rain on our colleague’s parade, but if uncontrolled cloud services manage to compromise your business’s security that’s not going to be good news for anyone.




Graham Cluley

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

View all posts

You might also like