A recent global study from Symantec, a world leader in cyber security, reveals that U.K. CISOs still fail to grasp the security risks their organisations face due to the rampant use of unsanctioned cloud applications.
From popular productivity apps to free file transfer services, cloud apps are becoming increasingly popular within organisations. However, many of them are unsanctioned and downloaded without the knowledge or approval of the IT team. In the U.K., CISOs estimate one in five (19%) apps used in their organisation are unsanctioned or “shadow apps”, according to a research conducted by Wakefield Research. While they offer many benefits for employees, these apps put confidential data at risk as they have not been checked for adherence to the organisation’s security protocols.
This poses a real issue for IT teams, who often fail to keep track of the number of unsanctioned cloud apps used inside their organisation. One-quarter of CISOs in the United Kingdom even list it as their number one compliance headache.
Symantec’s 2017 Internet Security Threat Report (ISTR) shows that most CIOs assume that their organisations use up to 40 cloud apps when, in fact, the number is closer to 1,000.
CIOs and CISOs may not fully realise the risks that their companies are exposed to, despite increased pressure, particularly from regulators, to address these security concerns. With less than one year until GDPR comes into effect, it comes as no surprise that virtually all (95%) U.K. CISOs say that one of the most stressful aspects of their job[1] is ensuring that their cloud apps comply with regulation.
“Upcoming regulation such as GDPR is heightening the need for data security, putting more pressure on CISOs and CIOs to control the data flow in their organisation, whether on premise or via cloud applications,” said Darren Thomson, vice president and chief technology officer, Symantec. “Unless CIOs and CISOs get a tighter grip on all the cloud applications used by their employees, they will be exposing themselves to an increased level of threats and risk being uncompliant with regulations. “Educating employees also plays an important role in raising awareness of the security risks associated with using unsanctioned apps.”
If CISOs would like understand how shadow apps might be affecting their organisation, they can take a free Shadow IT Risk Assessment here.
[1] CISOs on the State of Enterprise Data Security, see here: https://www.symantec.com/content/dam/symantec/docs/data-sheets/cisos-on-state-of-enterprise-data-security.pdf
