A recent report from McAfee found that 80 percent of all IT budgets will be allocated to cloud applications and solutions within 15 months. Use of cloud services on some level is almost universal at this point. Employees love the ease and flexibility of being able to access whatever data and applications they need, whenever and wherever they need them.
This ease and flexibility continues to drive the growth of shadow IT. Another study from Symantec found that organizations believe an average of 30 to 40 cloud applications are being used by their employees. The actual number of cloud applications? That’s 1,232, up 33 percent from the last report. In other words, employees are using 30 to 40 times more applications than IT is aware of.
Shadow IT is the practice of adopting and using an application or service, typically cloud-based, without IT’s knowledge or permission. Employees will often seek out and download new apps for certain work tasks instead of running a request through proper channels and waiting for IT approval.
This sounds harmless enough, but it can have serious consequences for business. If IT doesn’t know an application is being used, it can’t be monitored, secured and controlled. The app will not have been vetted for security risks or compatibility with other tools and systems. Security policies can’t be applied. Activity can’t be tracked or analyzed. It’s impossible to know where data within those apps is located. Data won’t be backed up, and if the app goes down, you won’t be able to recover the data. If the app doesn’t satisfy minimum regulatory compliance requirements, your organization could face fines and lawsuits.
Collaboration and file-sharing are among the most common shadow IT functions. The Symantec report found that organizations “broadly share” 20 percent of files stored in the cloud, and 2 percent of these files contain sensitive data, such as personal, health and payment card information. In addition, 29 percent of emails and attachments in the cloud are broadly shared, and 9 percent of these contain sensitive data. When data is broadly shared, the risk of exposure is extremely high, especially when unapproved collaboration and file-sharing apps are used.
An effective collaboration solution can reduce the perceived need for shadow IT services. Have an open discussion with employees about what applications they’re really using. Explain the risk of shadow IT so employees understand the need to balance their preferences with the organization’s security and compliance requirements. Look for ways to consolidate technologies, which will reduce the number of service agreements, support contracts, licenses and all related costs.
When choosing a collaboration solution, look for a simple, intuitive interface. Prioritize mobile security capabilities such as encryption, antivirus and data loss prevention integration. Make sure the solution is compatible with commonly used platforms such as Microsoft Office and makes it easy to access, share and collaboratively edit files in real time. Compatibility with enterprise software, such as customer relationship management systems, is a plus. Finally, the solution should satisfy compliance requirements, including auditing and activity logging.
One incident involving lost or stolen data can wipe out any advantages gained through cloud adoption. Many businesses never recover from such a data breach. Let IPC show you how to reduce shadow IT and help you choose a collaboration solution that’s secure and easy to use.