Employees continue using unsanctioned IT services

Read time 3min 10sec
Over half of local organisations do not have defined IT policies for employees wanting to use cloud services, ITWeb's Shadow IT Survey has revealed.
Over half of local organisations do not have defined IT policies for employees wanting to use cloud services, ITWeb's Shadow IT Survey has revealed.

Almost a third of local organisations do not know if a purchased cloud service is used by all the account logins paid for by the company.

This is according to a Shadow IT Survey run by ITWeb and T-Systems, in partnership with Symantec, which set out to determine, among other things, the current business attitude towards cloud services.

The survey respondents were largely IT professionals and senior executives from a variety of South African public and private sector organisations.

Shadow IT is a term used to describe software and hardware that is used inside organisations without explicit organisational approval or support from the organisation's IT department.

Around 40% of respondents reported that only between two and five cloud services have been formally approved by their organisation, while 12% said more than 10 had been approved. Surprisingly, as many as 19% said none had been approved.

When asked how many different cloud applications (including approved and shadow services) they think are in use in their organisation, 44% of respondents again said only between two and five.

"We have found that organisations have hugely underestimated their exposure to apps, which could have inherent risk to business. Typical organisations estimate their exposure to be under 50 applications, where the reality (post-audit) indicates that exposure could be as much as 10 to 15 times that," says Jon Hamlet, country manager at Symantec SA.

Hamlet advises companies to conduct a shadow IT audit to get an accurate reflection of their cloud application usage. This enables implementation of effective strategies for cloud adoption, he says.

Over half of local organisations do not have defined IT policies

Security (61%) emerged as the biggest barrier to using cloud services, with integration of cloud with existing IT systems (53%) coming out as the second-biggest barrier. Another 41% of respondents admitted that compliance laws and regulations hinder their use of cloud.

Although the use of cloud in the enterprise has helped employees become more efficient and productive in their jobs, it has also brought security challenges to the business, note security experts.

Gartner predicts 95% of cloud security incidents will be the customer's fault.

"Shadow IT is growing and is an unstoppable force. If governed, managed and guided appropriately to mitigate the risks, shadow IT can create a lot of value for the organisation, but if left unguided and uncontrolled, it can destroy business value," says the research firm.

Alarmingly, over half of respondents admitted to not having defined policies for users wanting to utilise cloud services, while 39% said they did.

Use of SAAS

The survey further found, while the majority of respondents (71%) believe that the use of SAAS within their organisation will increase in the next two years, a very small percentage (3%) believe it will decrease.

According to SAAS portal, a demand-user view of software is set to dominate, with suppliers making software available on central servers on a pay-per-use basis.

A research report by Gigaom research reveals that a staggering 81% of line-of-business employees admitted using unauthorised SAAS applications. When it comes to enterprise-grade file-sharing solutions in the enterprise, Dropbox was used without the IT department's authorisation in 38% of the organisations.

Business continuity (18%), performance (16%) and agility/ employee productivity (18%) were cited as some of the main benefits of cloud adoption.

Login with