Storage Soup

Dec 27 2012   4:13PM GMT

Rogue shadow IT poses security risks

Sonia Lelii Sonia Lelii Profile: Sonia Lelii

Nearly half of employees use online file sharing services even though their companies have a policy against it, according to a recent report conducted by cloud storage vendor Nasuni.

For its Special Report on Shadow IT in the Workplace, Nasuni surveyed 1,300 corporate IT users. Online file sharing and bring your own devices (BYOD) are gaining in popularity as employees  use PCs, iPads, smartphones and tablets to access work-related files. And they use these devices to work from airports, homes, cafes and other locations outside of the corporate office.

Companies are starting to call this “shadow IT” because these services and devices often are not controlled by traditional IT departments. For many companies, it’s a growing security problem.

“We were surprised that the percentage of users is one out of five. That is not a trivial number. There is an incredible amount of usage and it was higher than we expected,” said Connor Fee, Nasuni’s director of marketing. “We talked to a lot of IT guys and they complained about Dropbox specifically.”

Other services mentioned include iCloud and Google Drive. The survey included 300 IT managers and 1,000 employees. The survey found that one in five employees uses Dropbox for work files, and half of employees who use file sharing services do not know if their companies have a policy against it.

The report also found that corporate executives are the worst offenders, with vice presidents and directors most likely to use Dropbox despite the security risks. About 58% of employees with personal smart phones or tablets access work files from those devices. The survey found that 54% of respondents work at organizations that do not allow access to file sharing.

“The fact that corporate leaders are the worst offenders tells me IT is failing to deliver on something that is needed,” Fee said. “Having and educating about a policy is not enough. It needs to be address beyond policies.”

1  Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TomLiotta
    The survey found that 54% of respondents work at organizations that do not allow access to file sharing.   That seems to mean either that the restriction is only in policy or that there is no clear method of enforcing the restriction through automated controls.   If it's only in policy, then it also implies that there is no effective monitoring and that there are no visible consequences of violating policy. It implies that any policy violation might have no consequence, even ones not related to IT.   If it's because automated controls aren't feasible, it implies that systems are dangerously vulnerable to outside, unauthorized access.   Tom
    125,585 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: