Passwords on Post-Its: The Scary State of Cloud Security in the Workplace (Monkey Business Images/Thinkstock)

Passwords on Post-Its: The Scary State of Cloud Security in the Workplace

Has an increase in cloud adoption helped employees become more aware of cloud security risks? Here's what Softchoice found out. 

In the two years since IT and managed services provider Softchoice commissioned a survey about how North American employees use the cloud, the company has found a surprising lack of awareness around cloud security despite an increase in adoption.

Softchoice surveyed 1,500 people across the US and Canada about their habits related to usage of cloud applications and perceptions of and compliance with IT guidelines, releasing the results on Wednesday.

According to the report, called (Still) Careless in the Cloud, one in five North American employees keep their passwords in plain sight, such is on Post-It notes on their desks.

But it may not be entirely their fault – 58 percent of full-time employees said they have not been told the right way to download and use cloud apps. Forty-four percent of all employees haven’t been told how to securely transfer and store private corporate data, and 39 percent have not been told the risks of downloading cloud apps without the knowledge of IT.

Education is certainly a factor in closing shadow IT gaps, and organizations should also be mindful of the type of cloud apps their employees actually need and the devices they need them to work on.

Employees who don’t use IT-approved cloud apps said they don’t do so because of poor user experience and incompatibility with devices that they use at work, with 42 percent of tablet users preferring to use it for work over a desktop or laptop.

Here are three recommendations from Softchoice:

  1. Training - training and regular communication on security do's and don'ts will help employees correct bad behavior
  2. IT Needs to Understand Employee Behaviors - IT should assess which unsanctioned apps are being used in the organization, and provide approved alternatives to employees
  3. IT Standardized "Safe List" - IT can standardize the safe list of vetted apps on an identity management platform so employees can access apps in central location
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.