As cloud computing becomes the norm in most organizations, there’s a serious cloud security risk many companies aren’t doing enough to stop:
Users and managers putting data at risk by signing up for cloud services without IT’s approval.
Cloud computing makes provisioning services so easy that nearly anyone can do it — including a non-IT employee that doesn’t understand the steps necessary to keep data secure in the cloud.
A few recent surveys have shown how many business units are turning to cloud computing to provision tech services outside of the IT department’s knowledge and control. In fact, one report released last year by PricewaterhouseCoopers estimated that between 15% and 30% of a typical company’s IT spending is now going toward cloud computing services that have been provisioned by other departments without IT’s approval.
Individual users are also turning to so-called “rogue IT” in droves, as 69% of end users admitted in a Symantec survey to using cloud-based email and communication services against company policy. In addition, 59% admitted to using cloud-based file-sharing software.
Now a new report from the antivirus vendor has even worse news for IT departments: 77% of all businesses have discovered rogue cloud deployments or unauthorized use of cloud computing services in the past year. In addition, close to 30% say those deployments are increasing.
And IT’s fears about people choosing services that aren’t secure or that credentials and data won’t be managed properly aren’t unfounded. Rogue cloud use has serious consequences — among businesses that reported unauthorized cloud use, 40% have experienced a breach of confidential information, and 25% faced account takeover issues, website tampering, or stolen goods or services.
Cut down on unapproved cloud computing services
One step IT can take to prevent rogue cloud computing deployment is to communicate with business units more often to find out why they’re deploying services on their own and see if there’s a way IT can better meet their needs. The users and business leaders who bypass IT to set up cloud services aren’t behaving maliciously — most of the time, they’re trying to save the company money.
Organizations can combine what those business units know about getting the best price with IT’s skill at choosing a provider that meets security, reliability and other needs to find the cloud services that are the best fit for the company.
Developing a company-wide cloud computing policy and making sure it’s properly communicated throughout the organization can also go a long way. In fact, 20% of survey respondents say the people that provision rogue cloud computing services don’t realize they aren’t supposed to do it.