As cloud computing re-charts the path of enterprise IT, enterprises are vastly underestimating the extent of shadow IT in their cloud ecosystems, according to a study cloud usage and risks from 2014 by cloud security company CipherCloud.
With its faster time to market, massive economy of scale, and unparalleled agility, the cloud is entering organisations at an unprecedented rate. As a result, hundreds of high risk cloud applications are commonly used across North American and European organisations.
According to the survey, the average global enterprise uses over 1,000 cloud apps. Those in Europe used on average 981 while North American firms used a whopping 1,245 of them. However, as high as 86% of them are unsanction 'shadow IT.' While a major US enterprise estimated 10-15 file sharing applications were in use, they actually discovered around 70.
Not only this, only 9% of clouds used by European enterprises are either based in Europe or in European-approved data transfer regions, and 21% were US clouds and not Safe Harbour approved. The rest, a whopping 70%, were US clouds without Safe Harbour certification.
'The epic breaches of 2014 have catapulted security from the IT boiler room to the board room,' said Pravin Kothari, founder and CEO, CipherCloud. 'While many remember 2014 as the year of the data breach, this study underscores the stealthy build-up of shadow IT, an equally worrisome threat for enterprises on both sides of the Atlantic. Rampant cloud adoption has given shadow IT a far bigger footprint than previously recognised.
'This introduces a multi-pronged problem for companies. It is hard, if not impossible, to protect against something you cannot see. And worse, each unsanctioned application is a vehicle for introducing a host of other risks into the enterprise. Companies must address this problem in order to fully unleash the power of the cloud.'
The findings are also eye-opening in debunking conventional wisdom that Europe is behind North America in cloud adoption, as Jeroen Blaas, general manager, CipherCloud Europe, explains.
'In actuality, we’re nearly on par and equally susceptible to the risks that ride into the enterprise on the back of shadow IT. And while European privacy regulations are among the most stringent in the world, these findings reveal that regulations don’t stop shadow IT. So it is up to enterprises to be the enforcers of good security hygiene and to protect against all risks to European privacy laws.'