Infosec 2016: Shadow IT Lets Employees Take Company Data To New Jobs

Blue Coat research shows significant amounts of cloud use in firms is not sanctioned

Thirteen percent of employees in the UK, France and Germany admit to storing corporate data on personal devices on cloud applications with a view to whistleblowing or taking data to new employer, according to a survey by Blue Coat which highlights the growing challenge of Shadow IT.

Cloud applications are rising in popularity in the workplace, but Blue Coat says the issue of security and compliance is now becoming more important to companies as legislation such as GDPR raises the prospect of significant fines for the misuse of sensitive data.

Its study found 53 percent of employees are using cloud applications at work, but these are often not sanctioned by IT.

The rise of shadow IT

ciscoThis increases the risk of corporate or customer data being exposed due to a lack of control by admins – a risk exacerbated by the fact that IT, HR and financial departments are the most likely to use cloud applications and have access to valuable or sensitive information. Storing data from a previous employer and taking it to a new job is in fact illegal.

The most popular type of data to share was marketing (29 percent), customer data (23 percent), IT data (20 percent) and financial data (17 percent). Blue Coat said the ease of use of many services had driven adoption, but left many people unaware of the risks they were undertaking.

“[The survey aims to get] a better breakdown of how people are using the cloud,” said Blue Coat’s Robert Arandjelovic at Infosecurity Europe in London. “A lot of this is outside the view of IT.”

Outlook is the most used app (22 percent), ahead of Gmail (15 percent), Skype (11 percent) and Office 365 (8 percent). However beyond basic firewall protections that block the use of certain apps on corporate networks, many companies don’t have anything more sophisticated in place to monitor Shadow IT.

For example, Allied Irish Bank in Ireland has enlisted the help of Skyhigh Networks to gain more insight into the cloud apps used on its network. It found 2,500 such services, not all of which are approved by IT. If an employee tries to use an unauthorised service, they are not just blocked, but informed why the app is unapproved and are given a sanctioned alternative.

“IT probably has the best handle on Outlook because deployments spring out of on-site deployments. When you get to the others [it’s different], “continued Arandjelovic. “People often use Skype, Gmail because of issues with [corporate applications].

“These services are traditionally seen as IT circumvention.”

Are you a security pro? Try our quiz!