Infosec 2016: Shadow IT Lets Employees Take Company Data To New Jobs

Thirteen percent of employees in the UK, France and Germany admit to storing corporate data on personal devices on cloud applications with a view to whistleblowing or taking data to new employer, according to a survey by Blue Coat which highlights the growing challenge of Shadow IT.

Cloud applications are rising in popularity in the workplace, but Blue Coat says the issue of security and compliance is now becoming more important to companies as legislation such as GDPR raises the prospect of significant fines for the misuse of sensitive data.

Its study found 53 percent of employees are using cloud applications at work, but these are often not sanctioned by IT.

The rise of shadow IT

This increases the risk of corporate or customer data being exposed due to a lack of control by admins – a risk exacerbated by the fact that IT, HR and financial departments are the most likely to use cloud applications and have access to valuable or sensitive information. Storing data from a previous employer and taking it to a new job is in fact illegal.

The most popular type of data to share was marketing (29 percent), customer data (23 percent), IT data (20 percent) and financial data (17 percent). Blue Coat said the ease of use of many services had driven adoption, but left many people unaware of the risks they were undertaking.

“[The survey aims to get] a better breakdown of how people are using the cloud,” said Blue Coat’s Robert Arandjelovic at Infosecurity Europe in London. “A lot of this is outside the view of IT.”

Outlook is the most used app (22 percent), ahead of Gmail (15 percent), Skype (11 percent) and Office 365 (8 percent). However beyond basic firewall protections that block the use of certain apps on corporate networks, many companies don’t have anything more sophisticated in place to monitor Shadow IT.

For example, Allied Irish Bank in Ireland has enlisted the help of Skyhigh Networks to gain more insight into the cloud apps used on its network. It found 2,500 such services, not all of which are approved by IT. If an employee tries to use an unauthorised service, they are not just blocked, but informed why the app is unapproved and are given a sanctioned alternative.

“IT probably has the best handle on Outlook because deployments spring out of on-site deployments. When you get to the others [it’s different], “continued Arandjelovic. “People often use Skype, Gmail because of issues with [corporate applications].

“These services are traditionally seen as IT circumvention.”

Are you a security pro? Try our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago