A growing hazard has emerged in the cloud security space that is threatening organizations from inside of their own physical and virtual walls. As employees across multiple industries continue to adopt ‘shadow cloud’ services in the workplace, organizations and managed service providers (MSPs) need to carefully monitor its effects on security and cloud-based file sharing.
The Cloud Security Alliance’s (CSA), official definition of “shadow cloud” services is “cloud applications and services adopted by individual employees, teams, and business units with no formal involvement from the organization’s IT department.” The threat of this unsanctioned cloud usage is a potential security risk to both individuals and enterprises, alike, as the services are less protected and secured.
The vast majority of enterprises are currently dealing with this issue, struggling to identify and control the growing number of shadow cloud apps and services within their organizations, says a recent cloud security post from TechTarget. However, as organizations across industries go to battle with the shadow cloud, a new study from the CSA reports that many more are unaware of—or ignoring—the issue.
More than 70 percent of executives and IT managers said that they were unaware how many unauthorized cloud or shadow cloud apps and services their employees were using, according to the CSA’s 2014 Cloud Adoption Practices and Priorities (CAPP) report.
Despite that large figure, Jim Reavis, co-founder and CEO of the CSA, believes the tide is about to turn.
“Companies are going to try to get control of shadow cloud this year,” Reavis said. “It’s a problem they can’t ignore.”
Then again, it’s a problem they shouldn’t have ignored for this long. For companies that are content to allow employees to use whatever tools they believe will allow them the most productivity, regardless of how much it hampers their security efforts, the change in philosophy begins with MSPs making these companies aware of such blatant shortcomings.
The 2014 CAPP survey consisted of interviews with more than 200 global IT, information security, and compliance and audit managers and executives from a broad range of vertical industries. While 72 percent of respondents reported the desire to determine the number of unauthorized cloud technologies their employees were using, only eight percent of them actually knew.
These respondents are the people in charge of knowing this information. It’s their job. MSPs should view this as an enormous opportunity to educate these organizations on the importance of righting their IT ships before they’re overtaken by cyber attackers.
The twenty percent of survey respondents that stated they didn’t care about determining how many shadow cloud apps and services were being used in their organizations need to care; MSPs need to make them aware of why they need to care.
The growing risk of the shadow cloud can more easily lead to data breaches, compliance violations, and unnecessary costs than solutions that are being properly managed by organizations and MSPs. It’s time to take back control of the cloud—and that starts with MSPs pushing shadow cloud awareness.