Secure your business

Out of the shadows

Cloud-related security has been front of mind with organisations for a long time. But while much of the concern has been around the sanctity of data housed in public data centres, perhaps a more significant issue has been growing in the background: shadow IT.

Out of the shadows

With the ever-greater number of cloud-based services, it’s become common for employees to bypass their IT department and get direct access to the software and applications that help them do their jobs. As a result, many IT departments have knowledge gaps – or ‘shadows’ – in their understanding of both their application landscape, and the risk profile of their data.

Research suggests this knowledge gap is wide – and continuing to widen.1 As many as 60% of respondents in a recent survey in Australia and Asia reported that shadow IT is an issue within their organisation. But while the problem is known to them, nearly half of Australian organisations didn’t have the tools to track and monitor shadow IT.

Globally, the consequences could be huge. Elastica1 estimates the risk per business of data exposure from SaaS storage providers – such as Box and Google Drive – was $13.85M per business. Individuals shared around 25% of files in 2015 – compared with 9% in 2014 – and this percentage is only likely to increase in coming years. More than 80% of employees admit to using SaaS applications in their jobs without IT approval, and nearly 35% of all SaaS applications have not been approved by the businesses they’re used in.

Shadow IT brings multiple risks. It only takes a single employee to share a spreadsheet full of sensitive customer information to have a devastating and costly impact on the organisation, its customers and the equity of its brand.

And that’s assuming the leakage is accidental. Shadow IT brings increased risk of the malicious sharing of highly confidential corporate data by disgruntled employees.

On top of those risks, unauthorised cloud services incur additional indirect business costs. Applications that aren’t integrated into an organisation’s standard IT operational model can result in inefficiencies, including duplication of activities, doubling up on compliance checking, maintaining separate corporate identity stores, procurement and vendor management inefficiencies, as well as muddled procedures around the backup of data.

Given the exponential growth of cloud applications, we can only assume that shadow IT is on the rise. Combating it is a matter of behavioural and IT engineering, as well as putting in place the tools to monitor shadow IT activity.

Tracking all devices attached to the network and monitoring the network itself through a ‘single pane of glass’ can greatly reduce the work involved in spotting instances of shadow IT and developing an appropriate organisation-wide strategy.

The question for IT professionals is largely one of harm minimisation – that is, what level of shadow IT an organisation can live with while balancing productivity against risk? 18% of IT users say restrictions on applications make it difficult to do their job, and 24% say non-approved software meets their needs better than the IT-approved equivalent.2

But the risk of doing nothing at all is clear: on average, 15% of employees have experienced a security, access, or liability event while using SaaS applications.3

Check your immunity to cyber criminals

Don’t leave yourself vulnerable to viruses, hacking or online crime because of neglect.

Book a cyber security check-up to help get visibility on the online risks to your business and their potential impact on your bottom line.

Our security consultants assess and advise your business on your current cyber security, your exposure to online threats, and the steps you can take to improve online security.

Check your immunity to cyber criminals
Register your interest

1Elastica 2015 Shadow Data Report

2&3 The hidden truth behind shadow IT – Stratecast | Frost & Sullivan research, McAfee, Inc sponsored

Related News

Harnessing IoT to protect our precious resources
Create transformative innovation
Create transformative innovation
Harnessing IoT to protect our precious resources

The Internet of Things (IoT) is helping to better conserve, monitor and intelligently manage the utilities that we all depend on: electricity, gas and water. Whether it's savin...

Paper be gone: FACS embraces mobile working
Liberate your workforce
Liberate your workforce
Paper be gone: FACS embraces mobile working

How the NSW Department of Family and Community Services' (FACS) Housing Connect digital transformation program is helping staff spend more time with the tenants who need them. ...

Drakes Supermarkets: A case study in network resiliency
Optimise your IT
Optimise your IT
Drakes Supermarkets: A case study in network resiliency

How Drakes Supermarkets revamped its 50-store IT system and network with new tech to be more efficient, resilient and easier to manage. For businesses with a number of location...

Navigating the year of new security compliance
Secure your business
Secure your business
Navigating the year of new security compliance

Between the introduction of the General Data Protection Regulation and the Notifiable Data Breach scheme, the time is right to rethink your approach to security compliance legi...