ITWeb in partnership with Puleng Technologies and Skyhigh Networks recently conducted its first Shadow IT Survey to examine cloud adoption, shadow IT, and policies and procedures in place to secure these technologies, as well as to find out how many cloud services are formally approved by organisations versus how many are actually in use.
The survey, which ran online for two weeks during April this year, captured responses from a wide range of businesses (62% from across major industry sectors and 38% from IT), with 38% being middle managers and 24% C-level execs.
Over half of the respondents believe there are more cloud services being used in their company than officially approved. Interestingly, 17% said no cloud services whatsoever are being used by their staff, while over 50% estimated the average number of cloud services being used is below five, and 27% up to 20. Shadow IT seems to be out of control in a very small number of cases, with 4% reporting having up to 50 cloud services in use.
"This gap is made up of shadow cloud services, those used by employees without official approval," comments says Nigel Hawthorn, EMEA director of strategy at Skyhigh Networks. "However, if we compare even these figures with the reality, that Skyhigh sees when performing an assessment of cloud services, the numbers people think are being used are a small fraction of the reality - we typically find between 500 and 1 000 different services, way ahead of what people think is going on."
It's not surprising that over 70% of organisations indicated that they are moving ahead with cloud service adoption (either full-steam ahead or with caution). A further 17% are in early stages of investigation and only 12% say cloud services adoption is not a priority.
"This finding shows that the benefits of cloud - agility, ease of deployment, costs - are important to South African organisations," says Hawthorn.
Furthermore, an overwhelming majority of respondents (74%) believe the use of software-as-a-service (SAAS) will increase in their organisation within the next two years.
Data security top concern
Most of the businesses surveyed say the top three barriers for the use of cloud are security at 52%, integration of cloud with existing IT systems at 48%, and compliance with laws and regulations at 40%.
"The major barrier to cloud adoption is not a surprise - it is security of the data," notes Hawthorn. "This shows that South Africa is very much aware of the problem and IT needs to be able to grasp the issue. All cloud services work on a shared-security model - while the cloud provider delivers the physical security, the network-level security and server patches, the company is still responsible for user and data security, a problem made more complex by the data being hosted in the cloud environment."
It also transpired that as 58% of respondents do not have defined policies for users wanting to utilise cloud services.
"Education is always important and inadvertent user behaviour is the major cause of data loss incidents," comments Hawthorne. "This finding shows that South African organisations need to define their policies and start enforcing them, ensuring that employees know the problems, the safeguards and what to do to keep cloud data safe."
He says this can be helped by installing technology that integrates with corporate authentication systems, adding encryption, deploying DLP on cloud data and enhanced logging of traffic.
Most of the organisations polled (70%) do not have a cloud adoption team with members from non-IT functions. "This is a concern as data loss can lead to serious problems - loss of business, loss of intellectual property, brand trust, loss of customers and fines of up to R10 million - so it shouldn't be considered just an IT problem," says Hawthorne.
Hawthorn urges organisations to take the problem of data loss more seriously and make sure that departments such as risk, compliance, legal and even senior management are involved.
Share