Most IT pros admit they can’t control unauthorised cloud apps

More than two-thirds (67 percent) of organisations admit that unauthorised cloud applications are being implemented without IT’s knowledge or involvement, causing potential security problems, according to research.

A poll was taken at last week’s Cloud Expo show in London by unified identity management firm Centrify. As shadow IT becomes a bigger challenge for businesses – with employees downloading applications without going through a formal IT procurement process – around 40 percent of respondents said that between 10-20 percent of cloud services are now being purchased outside of IT.

Further, a fifth (20 percent) admitted that between 10-20 per cent of cloud applications are being implemented without any knowledge or involvement from IT, while half of respondents believed it was less than 10 percent.

“It probably seems like an easy solution for people looking to cut corners and avoid having to go through the formal process of getting IT approval,” said Barry Scott (pictured), CTO EMEA at Centrify. “The problem is that so much cloud-based software is easily available and requires no IT skills whatsoever to manage, so staff are just downloading the tools they like or that will help in their work, without considering the risks.

He said: “While half of our poll respondents were confident that less than 10 percent of applications were being implemented without their knowledge, they are likely to be underestimating the extent of shadow IT in their organisation.

“Without the necessary controls and security policies in place, including passwords and authentication, unauthorised cloud apps are opening up corporate data to the risk of compromise.”

Centrify also asked respondents to estimate how much time they spend managing unauthorised cloud applications, and 42 percent said between 1-2 hours per week, while 21 percent said between 2-5 hours per week.