Technology / Rise in ‘shadow IT’ presents an increased security risk

Rise in ‘shadow IT’ presents an increased security risk

Although the number of cloud services used by European enterprises is rising, a large proportion of these are being added without the approval of their IT departments, creating security risks for the company, according to a report by Skyhigh Networks.

The Cloud Adoption and Risk Report showed the second quarter of 2015 seeing an average number of cloud services which European enterprises use increasing by 61 per cent, compared with the same period a year ago.

The survey, based on data from 2.5 million European employees across 12,000 cloud services, found the average European enterprise is adding more than one new cloud service per day, with more than 10 per cent of cloud activity taking place on weekends. Saturdays and Sundays represented 6.8 per cent and 7.8 per cent of weekly cloud usage respectively.

Overall the average organisation used 226 cloud services for collaboration, while 54 cloud services were being used for content sharing, 21 were being used for business intelligence and 49 used for social media. How each customer used these services was difficult to predict. But, despite this rise in cloud adoption, the report showed cause for concern. Many services were being added by employees without the knowledge or approval of the IT department, creating a security risk for the organisation. Skyhigh Networks data showed that IT is generally aware of less than 10 per cent of the services in use inside their organisation.

The report found just 7 per cent of the 12,000 cloud services analysed met enterprise security and compliance requirements, only 15.4 per cent supported multi-factor authentication, 2.8 per cent had ISO 27001 certification and 9.4 per cent had encrypted data stored at rest. Skyhigh also discovered that 72.1 per cent of European organisations have exposure to compromised credentials and 8.5 per cent of employees at European companies have at least one compromised credential for sale on the darknet.

Furthermore, there was a danger they were using cloud services that did not meet EU data residency requirements.  Nigel Hawthorn, European spokesperson for Skyhigh Networks, says: “European business use of cloud is at an all-time high. Companies are adding a new cloud service to their network each day and it won’t be long until the average organisation is using well over 1,000 distinct services. While cloud services offer clear agility gains for the enterprise, the situation is by no means perfect.

“While security measures are increasingly being introduced by cyber-security practitioners’, our findings that no user is the same, combined with the fact that each enterprise is using an additional cloud service each day, demonstrates the sheer complexity of the issue.

“IT departments need to get their heads out of the clouds – or perhaps in it – and take an active role in ensuring their enterprise isn’t weighed down by risks, poorly thought out cloud usage policies, and blanket bans. In a nutshell, the potential rewards of a cloud-enabled business are just too good for an apathetic approach to cloud.”