Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Whoops, there goes my data! Hold onto your privates in the Dropbox era

Shake off your sluggishness and learn to live with shadow IT

Your users are probably using cloud-based services that you’re not even aware of to organise their files and collaborate with each other. What are you going to do about it?

“Shadow” IT — cloud services bought from third-party providers without authorisation by the IT department — is becoming a significant problem for many companies, even if they don’t know it yet.

Canopy, the Atos cloud brand, recently conducted a survey of 350 IT decision makers across the UK, Germany, France, the Netherlands and the US. Half of the line of business managers reckoned between five and 15 per cent of their departmental budget was spent on shadow IT, amounting to €8.6m.

And 60 per cent of the CIOs surveyed said that shadow IT drained around $13m on average from their organisation last year.

Bleeding budget as customers flock to third-party service providers is a problem enough in itself, but security is just as big an issue. According to the Canopy survey, the lion’s share of the cash went on backup services, meaning that files are being sent to service providers over which the IT department has no control.

Companies often only refresh their IT in a major way every decade or so, according to Thales Security cybersecurity practice lead Sam Kirby-French.

In contrast, employees’ experience with technology outside the office evolves continually, and they are constantly presented with new and exciting technology options that can make office systems look antiquated.

“Part of it is that the IT department isn’t supporting the user well enough, and the user wants to make their own life as easy as possible, so they will use alternatives,” he said. “And it’s difficult to stop them using those alternatives.”

The Canopy survey said more than two-thirds of respondents viewed their IT department’s sluggishness as a key factor that would push departments further into the arms of third-party service providers.

This unresponsiveness manifested itself as a failure to sanction short-term pilots quickly enough, and to host products for launches in a timely enough way.

Banning it is inadvisable

What kind of policy can the IT department put in place to stop naughty users from exposing corporate data in the cloud? The most draconian one is the grumpy cat approach: simply blacklist everything.

Corporate filtering systems can easily block a list of URLs. While these blacklists have most commonly been used to switch off porn sites, social media, and videos of dogs walking on tight ropes, they could just as easily be configured to block a growing list of cloud-based services that users might be using as temporary file dumps.

Not so fast, warns EMEA marketing director Nigel Hawthorn at Skyhigh Networks, which helps companies find the cloud-based services being accessed within client networks. It uses this data, aggregated from organisations around the world, to produce a report every quarter.

In the first quarter of 2015, the average firm used 923 distinct cloud services, the Skyhigh Networks estimates. That's more than a fifth more than the year before and around 10 times higher than IT estimates. It's also going to lead to an awfully big black list, a list that's growing all the time, Hawthorn said.

"We are adding 100 new cloud services to the registry every week," he explained. "Old-style web filters find it difficult to work out where to put them.”

Typically, URL blockers will have a few tens of categories for different sites, ranging from porn to social networks, entertainment and sports. "Where do you put a cloud service that could be used for many different things?" Hawthorn asks.

In any case, if you just try to block everything, you often achieve the opposite effect, pushing your users away from well-established and reputable sites into specious online apps run out of someone’s shed. Far better Dropbox, say, than Yuri’s MegaBling Filesharing Service.

Alternatively, they will simply find other ways of accessing the mainstream cloud services that they were using before. Once, people would bring modems into their office to get dial-up access to the internet at work. Today, 4G “Mi-Fi” hotspots and rogue Wi-Fi access points are an alternative.

“It’s a device that the laptop thinks is a hotspot, and it connects to data services. So people can get around the URL filters that block them from doing certain things. Now all of a sudden you have a rogue Wi-Fi access point that doesn’t even exit through the firewall,” said John Pescatore, director of emerging security trends at the SANS Institute.

He warns this will become a bigger problem in the future. “The reason that this is starting to reach the tipping point is how often you turn on your device and search for Wi-Fi. You see dozen of these things,” he warns.

Similar topics

TIP US OFF

Send us news


Other stories you might like