Most enterprise cloud app usage falls under shadow IT, but could this be a positive for the CIO?

(c)iStock.com/MilosJokic

86% of cloud apps used by enterprises fall under the category of shadow IT, while nearly three quarters aren’t ‘Safe Harbour’ approved, according to an industry report from CipherCloud.

The research findings, coming amidst worries of more sophisticated mobile malware and vulnerabilities, suggest organisations need to do more to assess what’s going on in their internal IT. One major US enterprise polled estimated it had 10 to 15 file sharing applications in use; the real number was almost 70.

More than half (52%) of publishing apps were considered high risk, while 42% of social apps and 40% of career-based apps were also considered risky.

Enterprises in both North America and Europe are leveraging cloud applications extensively. An average global enterprises uses more than 1000 apps, and though North American businesses (1245) predictably use more than European firms (981), the gap is closing. Not surprisingly, social was the most popular class of cloud app, followed by collaboration, marketing, IT infrastructure and media.

Yet the majority of this usage is through unapproved applications.

One major US enterprise polled estimated it had 10 to 15 file sharing applications in use; the real number was almost 70.

“Our findings suggest that organisations vastly underestimate the level of shadow IT when it comes to cloud adoption”, the report notes. “As a result, hundreds of high-risk cloud applications are in common use across North American and European enterprises.”

The report adds: “To achieve governance, it is imperative that organisations build the necessary legal and technological infrastructure to address cloud risks.”

But is shadow IT such a bugbear? The vast majority of articles and thought pieces paints it as a complete no-no; however, recent opinion assesses it in the context of ‘if you can’t beat them, join them’. Rather than stamp out shadow IT completely – which is practically impossible as employees will find a way to get around the system – it should be taken as constructive criticism.

As EMM provider MobileIron writes on sister site Enterprise AppsTech: “CIOs should see shadow IT as an opportunity. It’s an opportunity in the sense that it highlights, often very clearly, where something isn’t working for people.

“Instead of trying to wage war against people who are trying to do their jobs as best they can – something that will appear as punitive and unjustified to those people – a more forward thinking and long term approach is to engage them, understand their needs, and work to resolve the issue in a way that works for them and for IT.”

Then again, this point of view might not be the easiest to run by the CIO if corporate data is leaked through an employee’s personal Dropbox account.

You can find the full CipherCloud report here (registration required).