It is now easier than ever for departments within an organisation to use their own budgets to invest in, and install, apps and Software as a Service (SaaS), without consulting the internal IT department. This rise in shadow IT is often driven by an employee desire to enhance productivity. In most cases employees expect to be able to introduce the same cloud-based apps, programmes or software they use at home and on their mobile device into their working lives, without thinking twice.
The survey also demonstrated a lack of understanding around basic security risks, amongst UK employees. Only 11 per cent of employees questioned accessing cloud file storage sites as a security threat; despite it having potentially huge information security implications for organisations. In addition, over a quarter of those surveyed did not believe that web based apps, social media apps, and web based email could result in security consequences.
Symantec’s ‘Avoiding the Hidden Costs of Cloud 2013 Survey’ states that 77% of UK businesses saw rogue cloud (Shadow IT) deployments in 2012, with 40 per cent of them suffering exposure of confidential information. In Symantec’s view, if employees worked together with their IT departments to openly discuss what applications and technology they needed and in turn are educated on the potential risks to the companies’ cyber reliance of accessing certain software and technologies, the whole business would benefit.
Sian John, Security Strategist at Symantec, said, “Although shadow IT carries risk, by managing it correctly it can be viewed as a powerful business enabler. Workers are driving innovation in the name of productivity and quality of life, and are bypassing the IT departments in order to find the technology that allows them to do this. This does need to change but should be through a collaborative approach that sees employees working with IT to ultimately improve efficiency, reduce overall risk and increase a competitive advantage. Companies shouldn’t try to eradicate shadow IT, but look at how workers can safely weigh up the risks and be empowered to install software to help them work more effectively.”