Companies move critical apps to the Cloud – without IT’s approval

Despite IT’s security concerns, more businesses are moving critical applications and data to cloud computing services – often going around IT in the process. 

That’s the message in a recent survey conducted by identity management vendor SailPoint.

According to the poll of 400 IT and business managers, an estimated one-third of all “mission-critical” apps are now in the Cloud. Respondents expect that number to increase to 50% by 2015.

The most popular applications for cloud computing services are:

  • Storage and file-sharing (used by 42% of  organizations surveyed)
  • Talent management (34%) and
  • Communications (30%).

While those cloud computing services can help businesses lower costs, increase flexibility and achieve other benefits, there’s one big problem: Often, those critical apps are being provisioned via cloud computing services without IT’s input — and in many cases without IT’s knowledge or approval.

Only 35% of IT managers said they were involved in the vendor selection and planning process when a cloud computing service was procured outside of the IT budget. Another 29% said they were only brought in for the deployment planning process.

Tighten cloud computing policy

Keeping IT out of the loop when provisioning cloud computing services could mean critical security factors are overlooked when providers are chosen. Also, it makes it difficult or impossible for IT to keep track of what data is stored in the Cloud and what users have access to it. For example, more than a third of IT managers surveyed said they wouldn’t be able to provide a full record of user access privileges within one day.

What can IT do to regain some of its control over what services are used and where data is held? The first step is to create a cloud computing policy that lays out the processes for provisioning and using services.

In addition, experts recommend IT take a look at why users and other departments are setting up cloud services on their own in the first place. It may be because the services officially sanctioned by IT aren’t meeting users’ needs. IT should look at what those needs are and find out if there are ways to accommodate them in an official capacity.