Out-Law / Your Daily Need-To-Know

Cloud data security risks exacerbated by 'shadow IT' use, says cloud security business

Out-Law News | 10 Apr 2014 | 9:20 am | 1 min. read

Risks businesses face when utilising cloud computing are exacerbated because of 'shadow IT' use, a cloud security business has warned.

Skyhigh Networks conducted a survey of more than 40 businesses across a range of sectors to gauge cloud adoption and risk. It found that, on average, businesses use 588 cloud services each but that 91% of those services "pose medium to high security risks to organisations".

The survey found that 72% of European businesses using cloud services store data in the US and that just 9% of the services provided to the respondents offered "enterprise-grade security capabilities". Just 12% of cloud service providers used by the respondent businesses encrypt data they store and fewer than a quarter (21%) require multi-factor authentication to access the data.

Skyhigh Networks said that businesses may only have oversight of 10% of cloud use within their organisations due to the prevalence of 'shadow IT' usage. It said businesses need to take closer guard of cloud usage to avoid exposing themselves to data privacy and security risks.

The term 'shadow IT' generally refers to the use of applications by employees where those applications have not been approved for use by the IT department or which have not otherwise been obtained in accordance with IT policies.

"Cloud services certainly enable agile, flexible, and efficient businesses, and employees should be encouraged to use services that best suit their working style and enhance their productivity,” Rajiv Gupta, Skyhigh Networks chief executive, said. "However, it is evident from this study that too many employees are still unaware of the risks associated with some cloud services, and could even be jeopardising the overall security position of their organisation."

"Of the services that we analysed, 72% stored data in the US – which could have legal and compliance implications for certain organisations in Europe. The bottom line is that businesses need to get smarter about cloud, and IT needs to develop greater understanding of the cloud services in use and the risk they present, and play a leadership role in educating users and guiding the organisation to securely embrace the cloud," Gupta added.