Engaging Cloud Services Without IT Department Approval Heightens Security Risk, Report Finds
By: Computerworld August 27, 2014
A growing tendency by business units and work groups to sign up for cloud services without any involvement from their IT organization creates serious risks for enterprises.
The risks from shadow cloud services include issues with data security, transaction integrity, business continuity and regulatory compliance, technology consulting firm PricewaterhouseCoopers (PwC) warned.
"The culture of consumerization within the enterprise – having what you want, when you want it, the way you want it, and at the price you want it – coupled with aging technologies and outdated IT models, has propelled cloud computing into favor with business units and individual users," PwC said in a report.
Increasingly, work groups and even individual users in companies are subscribing directly to cloud services for business reasons because it is easy and relatively inexpensive for them to do, said Cara Beston, cloud risk assurance leader at PwC.
"There is a new form of shadow IT and it is likely more pervasive across the company" than many might imagine, given the easy access to cloud services, Beston said. "It is harder to find, because it is being procured at small cost and is no longer operating within the bounds of the company."
Some typical use cases for shadow cloud services include collaboration software, storage, customer relationship management apps and human resources.