Cloud Security Risks & Solutions

10 September 2015 | Grant McGregor Ltd

Preventing Shadow IT − Cloud Security Risks & Solutions

What is Shadow IT?

Before we get onto how to prevent shadow IT from putting your business at risk, we thought we’d take a moment to explain what it actually is. Shadow IT is the term used to describe IT systems and solutions that are built and used within an organisation without the organisation’s approval. These systems and solutions are often deployed by departments other than the IT department and therefore do not follow the same security procedures, potentially putting a business’s information at risk.

When faced with preventing shadow IT, most businesses associate it with personal devices that employees use on a ‘bring your own device’ basis. However, shadow IT can also refer to the Cloud-based applications that employees use every day like Dropbox and iCloud. Here we’ll examine the Cloud security risks of these applications and appropriate solutions for your business.

What are the risks of shadow IT?
More often than not, security breaches occur as a result of employees skipping internal processes and moving corporate data to the Cloud. In the Security in the Cloud Quick Poll conducted by CSO Magazine and Symantec, 37% of respondents said they believe individual users are frequently or occasionally deploying Cloud applications and putting data in the Cloud without consulting their IT department.

Employees adopt these applications pragmatically − they have a job that needs to be done and these applications help them to do it. The applications are inexpensive and can immediately meet employees’ needs, but the problem is that they can negatively impact a business, as explained below.

Non-compliance − Adopting unsanctioned shadow IT applications can lead to non-compliance. According to Skyhigh Networks’ 2015 Cloud Adoption and Risk Report, there are 10,000 Cloud services available today, yet only 9.3% of them meet enterprise data, security and legal requirements.

If employees are using Cloud applications like Dropbox but haven’t checked them against your Cloud data security and regulatory compliance policy, they could be putting your company at risk of a breach, which could potentially lead to a significant fine.

Sharing sensitive data − Another risk of using unsanctioned shadow IT applications is that they can reveal sensitive data to unauthorised parties. Even though most Cloud applications offer a level of security, it may not be enough to keep your sensitive data encrypted.

Damaging your reputation − If your employees are storing client data on unauthorised Cloud apps that do not appear in your policies and you experience a breach, it’s going to negatively impact your reputation. Customers aren’t going to trust you with their data and you may find it more difficult to secure new business in the future.

Finding a solution
In order to find a solution to your shadow IT problem, you first need to understand why employees are choosing to use it. A possible reason could be that they find the applications you have permitted to be inadequate at meeting their needs or too difficult to use. In this case, you will need to think about introducing better applications for your employees, eliminating the need for them to find and use their own.

Working with your employees to choose effective Cloud solutions will enable you to keep them happy, whilst also satisfying corporate data security and compliance requirements.

Training employees on shadow IT
It’s also worth considering that your employees may not necessarily realise they’re doing something wrong by using what we know as shadow IT. Most employees won’t have this level of IT knowledge and are therefore unlikely to realise that they are putting your corporate data at risk. Whilst you don’t expect your sales staff or customer service advisors to have the same level of knowledge as your IT department, it may be worth training them on the basics. If they are aware of the dangers of shadow IT, they are much less likely to use it.

The risk of your staff
The reality is that your staff are the biggest source of risk for Cloud security breaches, so your focus needs to be on educating them. Creating a shadow IT policy will help to minimise the instances of users deploying data and apps in the Cloud without consulting your IT department.