The use of insecure cloud applications could be a major concern for the enterprise, and as cloud computing re-charts the path of enterprise IT, organizations are vastly underestimating the level of shadow IT in their cloud ecosystems, according to a CipherCloud survey.
The study revealed widespread cloud adoption across North America and Europe. In the company’s 2014 data, a typical North America enterprise used more than 1,245 cloud applications while those in Europe used 981 applications on average.
Social, collaboration, marketing, and IT infrastructure were the most popular cloud categories—an average enterprise uses approximately 100 different applications in each of these categories.
“The cloud categories that most enterprises are concerned about include business-oriented, such as CRM, HR and financial apps and infrastructure apps like file sharing and IT management, where sensitive data is stored,” David Berman, director of cloud discovery at CipherCloud, told eWeek. “In addition, firms remain concerned about users sharing and accessing links to potentially unsanctioned apps via social networking.”
The research rated 52 percent of applications in publishing applications as high risk, while 42 percent of the apps in social and 40 percent in career clouds were rated as high risk. These three represent the highest risk across all cloud applications.
Berman said employee training on the risks posed by shadow IT is critical but most firms find on-going training on security and compliance challenging.
“Keeping users alert to the latest account-centric threats and consolidating users for approved cloud applications that IT can monitor and safeguard remain key concerns for enterprise IT,” he said.
Software development, cloud storage, IT infrastructure, customer relationship management (CRM), human resources (HR) and business management categories also had significant percentages of applications with an overall risk score of 8 or higher (22 to 36 percent).
“Every business is challenged by shadow IT, which is driven by users looking for easier and more productive tools to get their jobs done,” Berman said. “Users no longer have to involve IT to accomplish tasks like sending a large file (too large for email) or activating new applications for collaboration with dispersed co-workers, partners and suppliers.”
Top cloud applications used by European enterprises are in largely the same categories as those used in North America, albeit European companies use 80 percent as many applications on average.
For example, North America organizations used an average of 94 IT Infrastructure applications, compared with 69 in Europe. Similarly, North America companies used, on average, 68 analytics clouds and Europe used 58.
“Shadow IT will increase its footprint in the enterprise network as users continue to add multiple clouds to their corporate ecosystems. These unsanctioned applications are vectors for introducing more security and privacy risks into the enterprise,” Berman said. “So businesses must be vigilant to defend against these nearly invisible threats.”
He explained the first step is for businesses to gain visibility into the levels of shadow IT in their environment and then adopt a disciplined approach that prioritizes cloud security and governance, which includes making cloud security an initiative for the management team.