To the Cloud! Whether It’s Allowed or Not
It’s a common practice: You’re tasked with sharing documents — draft materials, spreadsheets, contact or lead lists, etc. — with multiple different colleagues, so you upload the materials to your favorite sharing tool (Google Docs, Dropbox, Box, etc.) and easily share the link so everyone can input their own edits. You can track all the edits your team makes in real time and wrap up the final materials, then quickly move on to the next task. It’s productive, painless and easy-to-use for you and your team. But it can also threaten your company by exposing corporate data to risk.
Employees Want Cloud Apps
By using these third-party cloud applications, organizations can neither see, manage nor secure the information employees are sharing outside of company policy. While it’s a violation of most corporations’ security policies, the fact is employees are using these cloud services to get their jobs done.
In a study conducted by IBM Security, it was found that 1 in every 3 Fortune 1000 employees regularly saves and shares company data to external cloud-based platforms, which their companies cannot track. And, as the demographics of our global workforce continue to shift, we can only expect this problem to increase. The study also found that millennial employees — who will make up over half of the worldwide workforce by 2020 — are even greater users of outside cloud apps. Fifty-one percent of this growing employee group are frequently using cloud services for work purposes.
It’s the way people now want to work. Thanks to transformations in cloud and mobile, employees can access information immediately at their fingertips, giving them the productivity and collaboration they crave. Whether it’s allowed by employers or not, they’re still going to use outside tools and upload company data to them. Instead of fighting this activity, companies would be wise to look for ways to give their employees secure access to cloud apps that are enabling new levels of productivity for their employees.
Going Beyond Policy to Get Work Done
While the majority of employees — to the tune of 57 percent — agree it is a violation of their company’s IT security policies, they intend to continue using these external cloud-based applications due to the benefits they present.
While employees may be getting work done more efficiently with these tools, the use of unsanctioned apps creates a challenge for companies since they have no control over or visibility into the sensitive data shared. The problem is further compounded by employee changes, such as staff leaving the company but still retaining access to company data living in outside cloud apps. The dangers and pain points of cloud use outside of policy don’t stop there.
Employees Trade Convenience Over Security
The IBM Security study revealed that 1 in every 4 employees is also linking these apps to his or her corporate login, leaving vast loopholes through which attackers can gain access to company networks.
If cybercriminals attack and gain access to a third-party cloud application, they can steal corporate credentials and use them to directly access a company’s network. These risks are especially prevalent when employees use external mobile apps for work, given that 40 percent of companies aren’t properly securing the apps that they build for users.
What’s more, the unsanctioned use of these apps opens up organizations to attackers without the ability to track how they get in since there is no visibility into the use of third-party applications.
Solving Shadow IT Together
IBM recently announced the release of Cloud Security Enforcer, which helps companies more fully embrace the shift in how their employees prefer to collaborate, while also providing a new level of control, visibility and overall comfort surrounding what corporate data can and cannot be shared with third-party cloud apps.
This cloud application security tool enables companies to address a potentially significant security exposure and, at the same time, spur a productive dialogue between employers and employees to ensure that employees are able to leverage tools that allow for increased convenience and cooperation in their day-to-day roles with minimized risk.
The good news? In addition to increased security, organizations may find themselves with happier, more productive workers, as well. The study showed 60 percent of Fortune 1000 employees would likely use IT-approved cloud apps, while nearly 75 percent of millennial workers would use IT-approved cloud apps.
To learn more about the steps IBM Security is taking to provide the industry with tools to combat shadow IT and schedule a demo, click here.
On behalf of IBM Security, Ketchum Global Research & Analytics (KGRA) conducted an online survey using the services of Ipsos Public Affairs. The survey interviewed 1,001 full-time employees at Fortune 1000 companies. The survey was fielded from July 27 to 31, 2015.
Respondents included various full-time employees of Fortune 1000 companies from a receptionist to an HR person to a senior vice president and everything in between. Using this approach enabled us to maintain a high completion rate while keeping costs in line.