SMBs Struggle to Rein in Data Leakage to Cloud, Study Finds
Workers have used unapproved cloud services without informing their IT departments in more than 80 percent of small and midsize businesses, according to a Spiceworks survey.Small and medium-size businesses have major problems in managing their use of cloud applications, according to a survey published on Oct. 12 by Spiceworks, a community for information technology workers. The survey of 338 IT managers found that more than 80 percent of the technology professionals had end users who had "gone behind their backs to set up unapproved cloud services." Almost all of those surveyed thought the security of specific cloud services should be taken into account before allowing employees to use them. "I think a lot of times, everyone is used to using consumer-level products, which are not inherently bad, but they can be dangerous," Peter Tsai, IT analyst for Spiceworks, told eWEEK. "IT does not have direct control over who sees what and when, so you are putting sensitive information out there in the wild." The problem of unauthorized cloud services shows that the issue of "shadow IT"—unvetted and unapproved technology—continues to undermine the security of businesses. Shadow IT used to describe an unapproved wireless router or server set up by employees to help them work, but with the advent of the cloud, the problem has moved online.
The IT professionals worried most about cloud storage services and web-based email services, with 35 percent warning that the former, and 27 percent that the latter, were vulnerable to attack. Messaging services and financial applications are the greatest concerns for 9 percent and 8 percent of IT professionals, respectively, according to the survey.