{"id":11752,"date":"2014-11-04T00:52:26","date_gmt":"2014-11-04T00:52:26","guid":{"rendered":"http:\/\/www.cloudcomputing-news.net\/news\/2014\/nov\/04\/7-reasons-why-cloud-governance-challenge-should-we-eradicate-shadow-it\/"},"modified":"2014-11-04T00:52:26","modified_gmt":"2014-11-04T00:52:26","slug":"7-reasons-why-cloud-governance-is-a-challenge-should-we-eradicate-shadow-it","status":"publish","type":"post","link":"https:\/\/icloud.pe\/blog\/7-reasons-why-cloud-governance-is-a-challenge-should-we-eradicate-shadow-it\/","title":{"rendered":"7 reasons why cloud governance is a challenge: Should we eradicate shadow IT?"},"content":{"rendered":"<p><em>Picture credit: iStockPhoto<\/em><\/p>\n<p>Another day, another report bemoaning shadow IT for cloud computing. SafeNet&rsquo;s Challenges of Cloud Information Governance study, conducted by the Ponemon Institute, is the latest to put the blame of compromising data at the door of unapproved IT activity.<\/p>\n<p>Shadow IT, which involves employees bypassing company policy on website and technology usage, has meant cloud security is &ldquo;stormy&rdquo;, according to the report. More than half (55%) of the 1,864 IT and IT security practitioners surveyed admitted they were &ldquo;not confident&rdquo; that IT knows all the cloud computing services in use at their company.<\/p>\n<p>Respondents added that payment information (56%) was the data that presented the greatest security risk, ahead of customer information (50%), consumer data (34%) and email (23%). Payment info, however, was the least likely to be stored in the cloud, probably as a result of this risk.<\/p>\n<p>Part of the problem for IT managers is that conventional security methods are difficult to enforce with cloud apps and products. 71% of respondents agreed with that statement, while around half (48%) believe it&rsquo;s more difficult to control or restrict end-user access. Similarly, 61% said cloud increases the compliance risk, compared to only 8% who thinks it goes down.<\/p>\n<p>Another problem, as the survey revealed, was the age old question of who is responsible for cloud data: the end user, or the cloud provider? It&rsquo;s still not been answered. 33% argued it was the cloud user&rsquo;s responsibility, 32% said the provider, while 35% said it was a shared responsibility.<\/p>\n<p>Similarly, there is a lack of encryption in software as a service (SaaS) applications. Three quarters of respondents say they use document sharing and online backup tools, but only 28% say their organisation encrypts sensitive data directly within these apps.<\/p>\n<p>As enterprise cloud usage will inevitably increase in the coming years, the 30 page full report (<a href=\"http:\/\/www.cloudcomputing-news.net\/admin\/hub\/news\/add\/www2.safenet-inc.com\/cloud-security-research\/SafeNet-Cloud-Governance.pdf?utm_source=102714-pr&amp;utm_medium=pr&amp;utm_campaign=cloud-security-study\">pdf here<\/a>) paints a fairly bleak picture. SafeNet goes through seven reasons why cloud governance is a challenge:<\/p>\n<ul>\n<li>Uncertainty about who is accountable for safeguarding confidential or sensitive information stored in the cloud<\/li>\n<li>IT is out of the loop when companies make decisions on the usage of cloud resources<\/li>\n<li>IT functions are not confident they know all the cloud resources being used<\/li>\n<li>Companies say encryption is important, but aren&rsquo;t walking the walk on protecting apps<\/li>\n<li>An inability to control how employees and third parties handle sensitive data makes compliance more difficult<\/li>\n<li>More employees are using cloud apps without appropriate security training<\/li>\n<li>Third parties are allowed to access sensitive data without security reinforcement, such as multi-factor authentication<\/li>\n<\/ul>\n<p>Shadow IT is often blamed for this lapse in security. Can you be certain as a CIO or senior manager that your workforce isn&rsquo;t using Dropbox to ping over collaborative documents, for instance? <a href=\"http:\/\/www.appstechnews.com\/news\/2014\/mar\/11\/mcm-and-the-dropbox-catch-22\/\">A blog from MobileIron back in March<\/a> pondered the question: &ldquo;If an auditor had full access to your Dropbox account right now, would they find a single bit of corporate data that shouldn&rsquo;t be there?&rdquo;<\/p>\n<p>In almost all of the cases, it&rsquo;s difficult to say no. So what&rsquo;s the solution? Blacklisting apps is a brute force method, although innovative employees can find many ways to break the system, whether it&rsquo;s for malicious purposes or just an honest attempt to be more productive. <a href=\"http:\/\/www.cloudcomputing-news.net\/news\/2014\/nov\/03\/beware-fat-finger-when-it-comes-cloudy-data-loss\/\">As a <em>CloudTech<\/em> article mused yesterday<\/a>, your employees are a bigger risk to data loss than cybercriminals.<\/p>\n<p>Education, and increased visibility into cloud app usage is key to mitigating the risk of shadow IT, the report concludes &ndash; and it&rsquo;s a good starting point. If you keep your head in the sand and pretend there isn&rsquo;t a problem, your data could be seriously at risk.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Picture credit: iStockPhoto<br \/>\nAnother day, another report bemoaning shadow IT for cloud computing. SafeNet&rsquo;s Challenges of Cloud Information Governance study, conducted by the Ponemon Institute, is the latest to put the blame of compromising data a&#8230;<\/p>\n","protected":false},"author":50,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-11752","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/11752","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/users\/50"}],"replies":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/comments?post=11752"}],"version-history":[{"count":0,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/11752\/revisions"}],"wp:attachment":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/media?parent=11752"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/categories?post=11752"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/tags?post=11752"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}