89% of UK CIOs think Shadow I.T is a long term security risk and 88% of cloud applications aren’t enterprise-ready clearly it is time for a Shadow I.T reality check. But the threat to data security also offers a great opportunity to discover what your remote workers really want from their applications and a chance for I.T heroically lead workers into the light.
There are two schools of thought on the rise of Shadow I.T. Some people think it has emerged as the latest front line in I.T’s fraught relationship with the business; yet another challenge to be dealt with in the borderless world of BYOD, ever-increasing mobility and remote working.
On the opposite side, there is an argument that Shadow I.T is an opportunity for IT to acknowledge and take control of an emerging hybrid enterprise environment.
Whichever position you take, there is probably a gap between perception and reality – and that gap represents a real challenge to your data security. The bottom line is that if employees are using Shadow I.T applications such as Dropbox, or even Google apps, for business critical tasks, particularly those involving file sharing and storage, it’s because the cloud services and applications you provide are not meeting their needs.
Their desire to collaborate effectively is totally in the business’s interest. But every time they upload or download – never forget the danger of a malicious entity lurking in an attachment that could be putting your data at risk.
Evidence suggests that stemming the tide of Shadow IT is hardly a realistic goal: 60% of CIOs believe spend on Shadow I.T is becoming more prevalent. In this case meaning spend not specified or deployed by the I.T department, in these cases file sharing software (36%) and archiving data (33%) were also among the main causes of shadow IT expenditure. Gartner estimates that Shadow IT now regularly accounts for more than 30% of a company’s I.T spend. The use of unsanctioned cloud services is widespread, driven by end-user empowerment and the general consumerisation of technology.
Yet I.T leaders consistently underestimate the scale of the risk. Recent research carried out by Cisco showed the average estimate of cloud services running in the enterprise at 91. The reality, according to the network giant’s deeper analysis, is that 1,220 cloud services and applications are in use – the majority unauthorised. That’s an increase of 112% in the last 12 months. Even in heavily regulated sectors such as financial services and healthcare, there are up to 20 times more cloud applications running than official I.T estimates.
- 60% – of CIOs believe Shadow I.T is becoming more prevalent.
- 30% – of a company’s spend is now on Shadow I.T
- 112% – increase in cloud services running in an enterprise (the majority unauthorised).
Out of control
That’s some shadow – and some risk. Fruition Partners discovered that 84% of UK CIOs fear that the cloud is causing them to lose control of I.T, and that 89% think that Shadow I.T is a long-term security risk. Nearly as many – 79% – believe that there are unknown cloud applications in use across their domain.
And that risk is being taken at a departmental as well as individual level, away from the direct influence of I.T. Canopy discovered that 51% of business decision makers recognise the growing prevalence of Shadow I.T – and that it now accounts for up to 15% of their departmental budget.
- 84% of UK CIOs fear they are losing control of I.T.
- 89% think Shadow I.T is a long term security risk.
- 79% believe there are unknown cloud applications in use across their domain.
Across the board
88% of cloud applications aren’t enterprise-ready.
Interestingly, Shadow I.T is being used to fulfil a mix of collaborative and back-office functions:
- Back-up (44%)
- File sharing (36%)
- Data archiving (33%)
- Mobility and social networking tools (28%)
- Analytics (27%)
The risks of not addressing the security challenge this represents are huge:
- Unsanctioned applications stay invisible – and multiply: 88% of cloud applications aren’t enterprise-ready, according to Netskope’s January 2015 Cloud Report – but that doesn’t stop people from using them for business-critical purposes.
- Networks become porous, as Shadow I.T apps are accessible via the numerous devices used by remote and mobile workers.
- Low level encryption and content sharing on a grand scale combine to threaten data security.
- 36% of Shadow I.T is used for file sharing.
- 88% of cloud applications are not enterprise ready.
Seize the day
Rather than reining in Shadow I.T, CIOs and their departments should empower workers to innovate with technology but also set up boundaries so that adoption abides by compliance, regulatory and security rules. Working with suppliers to create a secure but flexible in-house collaboration platform can also help provide employees with the tools they need.
Don’t try to rein in Shadow I.T as this will fail. . Rather security specialist McAfee recommends being inclusive, not exclusive. Give employees access to a broad range of applications, and the freedom to select what best meets their needs.
As Netskope vice president Eduard Meelhuysen says, working with lines of business to create corporate policy when it comes to the use of Shadow I.T will help to build a more secure environment for data sharing:
“Guide users towards preferable alternatives – if you close one road, you have to provide alternative directions so employees can still get the job done.”
- Being in denial about the scale of the Shadow IT challenge is putting your data security at risk.
- If you can ride the Shadow IT wave, you’ll get valuable insights into your remote workers’ requirements.
- Give end-users collaboration tools that allow them to communicate and innovate , and reduce the risks of Shadow IT.