Infosec 2016: Shadow IT Lets Employees Take Company Data To New Jobs

Thirteen percent of employees in the UK, France and Germany admit to storing corporate data on personal devices on cloud applications with a view to whistleblowing or taking data to new employer, according to a survey by Blue Coat which highlights the growing challenge of Shadow IT.

Cloud applications are rising in popularity in the workplace, but Blue Coat says the issue of security and compliance is now becoming more important to companies as legislation such as GDPR raises the prospect of significant fines for the misuse of sensitive data.

Its study found 53 percent of employees are using cloud applications at work, but these are often not sanctioned by IT.

The rise of shadow IT

This increases the risk of corporate or customer data being exposed due to a lack of control by admins – a risk exacerbated by the fact that IT, HR and financial departments are the most likely to use cloud applications and have access to valuable or sensitive information. Storing data from a previous employer and taking it to a new job is in fact illegal.

The most popular type of data to share was marketing (29 percent), customer data (23 percent), IT data (20 percent) and financial data (17 percent). Blue Coat said the ease of use of many services had driven adoption, but left many people unaware of the risks they were undertaking.

“[The survey aims to get] a better breakdown of how people are using the cloud,” said Blue Coat’s Robert Arandjelovic at Infosecurity Europe in London. “A lot of this is outside the view of IT.”

Outlook is the most used app (22 percent), ahead of Gmail (15 percent), Skype (11 percent) and Office 365 (8 percent). However beyond basic firewall protections that block the use of certain apps on corporate networks, many companies don’t have anything more sophisticated in place to monitor Shadow IT.

For example, Allied Irish Bank in Ireland has enlisted the help of Skyhigh Networks to gain more insight into the cloud apps used on its network. It found 2,500 such services, not all of which are approved by IT. If an employee tries to use an unauthorised service, they are not just blocked, but informed why the app is unapproved and are given a sanctioned alternative.

“IT probably has the best handle on Outlook because deployments spring out of on-site deployments. When you get to the others [it’s different], “continued Arandjelovic. “People often use Skype, Gmail because of issues with [corporate applications].

“These services are traditionally seen as IT circumvention.”

Are you a security pro? Try our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

7 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

10 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

11 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

12 hours ago