For increased productivity and efficiency, your employees are embracing Shadow IT—unsanctioned and unknown IT projects like cloud services. The concept is simple: corporate assets are leaving the four walls of a company in such a manner that they can’t be tracked or seen. Of course, many employees will be unaware that their actions are exposing the organization to attacks by cyber criminals.
Modern businesses move faster today and IT teams cannot keep up. Together with the ability of the average person to instantly spin up everything from simple file sharing, to web hosting, to even servers and virtual workspaces at the click of a button, it is not surprising that many employees opt for Shadow IT. All of which translates to security risks and compliance nightmares.
According to Skyhigh Networks’ Cloud Adoption & Risk Report Q2 2015, the average organization has employees using 1,083 different cloud services, many having been installed without being approved by IT—or even known by IT. With sensitive corporate data uploaded to these services, the organization is exposed and at risk of a data breach. These numbers are climbing quickly: in Q2 2014, only 738 cloud services were used by the average company. Thus, over the span of one year, an organization put into operation a new cloud service—nearly every day (as cited in Null, n.d.).
Shadow IT has continued to grow and according to advisory company CEB, it is estimated that 40% of all IT spending at a company is outside the control of the CIO (Groenfeldt, 2013). This growth is in part driven by the quality of applications in the cloud such as social media, collaboration tools, file sharing apps, and enterprise-class Software-as-a-Service (SaaS) applications. And according to a recent McAfee study, 80% of employees admit to using SaaS applications at work without IT approval, and nearly 35% of all SaaS applications used within the company are not approved and are contributing to Shadow IT (infotechlead, 2013).