Firms underestimate level of shadow IT they use, says report
4 February 2015 |
Organisations are vastly underestimating the level of shadow IT in their cloud ecosystems, according to a study by cloud security firm CipherCloud.
The “Cloud Adoption & Risk Report in North America & Europe – 2014 Trends” found 86 per cent of cloud applications used by enterprises are unsanctioned shadow IT. For example, a major US enterprise estimated 10-15 file sharing applications were in use, but discovered almost 70.
Other results showed 70 per cent of US cloud applications used by European organisations were not “Safe Harbour” approved. European Union data privacy laws require that transfers of personal information be restricted to European Union member states, or countries approved by the European Union for international data transfer.
The US does not have country-wide approval, but US businesses can become Safe Harbor compliant by following seven fundamental data protection principles, and hence become eligible to handle transfers of personal data from European territories.
CipherCloud found only 21 per cent from US clouds were Safe Harbor approved, while 9 per cent of the clouds used by European enterprises were either based in Europe or in European-approved data transfer regions.
Pravin Kothari, founder and CEO, CipherCloud, says: “The epic breaches of 2014 have catapulted security from the IT boiler room to the board room. While many remember 2014 as the year of the data breach, this study underscores the stealthy build-up of shadow IT, an equally worrisome threat for enterprises on both sides of the Atlantic.
“Rampant cloud adoption has given shadow IT a far bigger footprint than previously recognised. This introduces a multi-pronged problem for companies. It is hard, if not impossible, to protect against something you cannot see. And worse, each unsanctioned application is a vehicle for introducing a host of other risks into the enterprise. Companies must address this problem in order to fully unleash the power of the cloud.”
Protect your business against cyber attacks – attend The European Information Security Summit 2015 and hear about the latest trends, techniques and technologies from industry experts.
Photo © George Thomas (CC BY 2.0). Cropped.