This is according to a recent survey conducted by Symantec. The security firm surveyed 165 IT managers and end users and found far too many users are leaving IT out of the loop when they start using cloud services for work.
Sixty-nine percent of end users admitted to using cloud-based email and communication services against company policy, and 59% admitted to using cloud-based file-sharing software.
Not everyone owned up to it, though — IT reported the percentage of end users “going rogue” is more like 87%-88%.
Other key findings:
- 63% of the employers covered by the survey have policies pertaining to cloud-based email and communication services, 74% have policies pertaining to file-sharing software, and 77% have policies pertaining to cloud-based storage and backup, productivity apps and contact manager apps.
- 76% of the IT workers surveyed said their company monitors whether or not employees comply with the policies, and 81% said employees face real consequences if they don’t.
- However, 55% of the end users surveyed said they didn’t know about any such policies, and 49% were unaware of any consequences for not following them.
The results of another survey, from cloud backup provider Symform, are similar. The company surveyed nearly 500 companies and found:
- 61% are officially “in the Cloud”
- But of those without officially sanctioned cloud services, 65% allow employees to use cloud services on their own as needed, and
- 35% allow employees to put company data in cloud applications.
So while all of the companies in the Symform survey reported using cloud services in some capacity, only 20% have a formal policy to govern cloud usage.
A cloud computing policy is only part of the solution
Experts think end users who knowingly choose not to follow their employer’s cloud computing policy either don’t fully understand the security risks or can’t be bothered to obey the rules.
But the point is not whether end users are circumventing IT on purpose or forging ahead on their own unaware that it’s a big deal. The real issues are:
- Not all companies that have cloud computing policies are making end users sign off on them, and
- Many companies lack a cloud computing policy and allow employees to use cloud services without adequate controls in place.
To minimize the risks of data loss, theft or unauthorized access to network resources when using cloud services for work, it’s necessary for IT to:
- Implement a formal cloud computing policy that all employees must sign off on
- Conduct regular training on the policy to drive home the risks of “going rogue”
- Clearly communicate the consequences for violating the cloud computing policy, and
- Actually enforce the policy when employees violate it.