News Feature | March 4, 2015

Report: Your IT Clients' Employees Are Using Shadow IT, Creating Risks

By Ally Kutz, contributing writer

SMB IT Data Security

Enterprise-ready services have almost doubled in 2014, but there is still risk from shadow IT, according to Skyhigh Networks’ quarterly Cloud Adoption and Risk (CAR) Report.

Skyhigh Networks based the report on data from more than 15 million employees across 350 enterprises in Q4 and issues the report quarterly with the goal of better understanding cloud usage. For VARs and managed services providers (MSP) it’s confirmation that more work needs to be done to keep your IT clients’ data safe and to educate users on best practices.

The study found the average number of cloud services in use at each company grew to 897, 8 percent higher than Q3 2014 and 43 percent higher than Q4 2013. The report’s authors state, “That number is 10 to 20 times higher than what IT executives expect, especially considering that many of these cloud services are adopted by employees acting on their own, without the knowledge of the IT department.”

The report also looks at how usage across categories has changed. Development services (such as GitHub and SourceForce) have grown 97 percent over the past year. Collaboration services (such as Microsoft Office 365 and Gmail) have increased by 53 percent. The categories of file sharing and content sharing each increased by 37 percent, business intelligence increased by 15 percent, and social media and tracking each increased by 23 percent.

The report states the average employee now uses 27 apps at work, six for collaboration, four for social media, four for content sharing, three for file sharing, three for business intelligence, and seven other apps.

The report also includes the risks associated with cloud services, offering some good news: “Cloud providers invested heavily in security over the last year, and a much larger number now offer more robust security features and certifications.” Multifactor authentication is offered by 17 percent, 5 percent are ISO 27001 certified, and 11 percent encrypt data at rest.

Storing data continues to be an issue, especially in markets with regulatory requirements. The report states, “Surprisingly, 37 percent of users in Q4 uploaded at least one file to a file-sharing cloud service that contained sensitive or confidential data.” In addition, 4 percent of field in management applications include personally identifiable information (PII) such as driver’s license number, date of birth, or health plan numbers.

Of the companies surveyed, 92 percent experienced compromised identities among their users. The markets with the most compromised accounts are real estate (19 percent), utilities (18 percent), and high tech (15 percent). On average, 12 percent of users at a company have had at least one password stolen.

To read the full report, click here.