CIOs Can’t Turn a Blind Eye to the Security Risks of Shadow Cloud

May 11, 2015

shutterstock_258945413Just like Bring Your Own Device (BYOD) and other self-help technology trends, shadow cloud is becoming a quick and convenient way for employees to do their work. It may be a software, hardware, or web service that meets the requirements of their projects, but it's something that employees typically acquire without the approval of corporate IT. While the employee benefits are significant, there are security risks if not properly managed.

Just how far has shadow cloud gone? In a 2014 GigaOm Research study, 81 percent of employees admitted to using web-based software or service without corporate IT approval. Industry experts warn that if IT departments fail to keep pace with the technology demands of employees, unauthorized IT systems may continue to proliferate and threaten corporate data security.

Mixed reactions

Shadow cloud can help spur business agility and innovation. Advocates suggest that CIOs should embrace and encourage shadow cloud to create a new level of freedom for their employees just like they did with BYOD. The corporate IT landscape is changing, and they should help move business forward, not create roadblocks. Would they curtail shadow cloud usage and plunge their enterprise into the past, or would they heed their employees’ IT needs in a protected environment?

The need for shadow IT is now even more pressing as employees have become more innovative and tech savvy in performing their jobs. Add to that the popularity and affordability of cloud services like Google Docs, Dropbox, iCloud, Hightail, and Skype. This means potential IT cost savings for enterprises, particularly on IT infrastructure.

On the other hand, a break into security is a growing risk of shadow cloud. Data breaches and compliance violations can adversely impact a business's reputation. In its 2014 Cloud Adoption Practices and Priorities report, Cloud Security Alliance (CSA) discovered that more than 70 percent of IT managers and executives were unaware of the extent of shadow cloud use by their employees.

The risk is even greater as corporate data can now reside in multiple and fragmented silos. This makes IT challenges from shadow cloud applications more complicated, unpredictable, and hard to detect. There are currently no standards in monitoring what services are being used, analyzing activities, assessing the risks, assigning endpoint control, and knowing who is using what service. A shadow IT environment can be prone to problems and is a target for hackers and malicious insiders.

Managing shadow cloud

Clearly, shadow IT security is a challenge that CIOs can’t ignore. Gartner VP and analyst John Mahoney put it succinctly in a recent article, “The worst risk comes from disconnected information or disconnected processes.” A tough approach will anger employees and likely drive them to go further underground. Gartner recommends the following simple steps for CIOs to take:

  • Communicate the potential challenges and risks of shadow cloud to both management and employees
  • Get first-hand information on the extent of shadow cloud usage
  • Integrate shadow IT into corporate IT and ensure safe and efficient deployment, monitoring, and control

In a constantly changing corporate IT landscape, innovation comes with risks. Shadow cloud can be a positive episode in the IT cycle if managed properly.