Although the use of cloud in the enterprise has helped employees become more efficient and productive in their jobs – it has also brought security challenges to the business.
So said Steve James, business development director at Puleng Technologies, who adds the consumerisation of IT driven by cloud services has helped employees have tools to make their jobs easier.
However, this has brought concerns for CIOs around security and data management, he adds.
According to James, employees tend to bring applications that are not sanctioned by IT – referred to as 'shadow IT'.
Shadow IT is a term used to describe IT systems and solutions built and used inside organisations without explicit organisational approval.
Shadow IT makes it difficult for IT to enforce security policies drawn by the business to mitigate security risk, says James.
One of the biggest barriers to protecting against corporate data loss and the reputation risk is a lack of understanding of the cloud and the extent of its usage in the organisation, he adds.
If IT are not aware and do not have visibility in these services they cannot secure the company from the threat these cloud services may carry, notes James.
Gartner says shadow IT is growing and is an unstoppable force. If governed, managed and guided appropriately to mitigate the risks, shadow IT can create a lot of value for the organisation – but if left unguided and controlled, it can destroy value, it adds.
James says, on the other hand, IT can use shadow IT to their advantage – it can be used to reveal the cloud services that are most in demand by employees and create an equivalent service that will be within the company's governance.
Instead of trying to stop employees using shadow services IT should give them similar sanctioned IT services that have flexibility of shadow IT services but are more secure, he adds.
He says IT needs to know the extent of this shadow cloud use and get it back under control, defining cloud services, setting the policies, educating users and enforcing security to reduce data loss.
James says CIOs should work closely with business managers to track down shadow IT projects to manage its use and promote similar sanctioned IT services governed by the business.