Infosec 2016: Shadow IT Lets Employees Take Company Data To New Jobs

Thirteen percent of employees in the UK, France and Germany admit to storing corporate data on personal devices on cloud applications with a view to whistleblowing or taking data to new employer, according to a survey by Blue Coat which highlights the growing challenge of Shadow IT.

Cloud applications are rising in popularity in the workplace, but Blue Coat says the issue of security and compliance is now becoming more important to companies as legislation such as GDPR raises the prospect of significant fines for the misuse of sensitive data.

Its study found 53 percent of employees are using cloud applications at work, but these are often not sanctioned by IT.

The rise of shadow IT

This increases the risk of corporate or customer data being exposed due to a lack of control by admins – a risk exacerbated by the fact that IT, HR and financial departments are the most likely to use cloud applications and have access to valuable or sensitive information. Storing data from a previous employer and taking it to a new job is in fact illegal.

The most popular type of data to share was marketing (29 percent), customer data (23 percent), IT data (20 percent) and financial data (17 percent). Blue Coat said the ease of use of many services had driven adoption, but left many people unaware of the risks they were undertaking.

“[The survey aims to get] a better breakdown of how people are using the cloud,” said Blue Coat’s Robert Arandjelovic at Infosecurity Europe in London. “A lot of this is outside the view of IT.”

Outlook is the most used app (22 percent), ahead of Gmail (15 percent), Skype (11 percent) and Office 365 (8 percent). However beyond basic firewall protections that block the use of certain apps on corporate networks, many companies don’t have anything more sophisticated in place to monitor Shadow IT.

For example, Allied Irish Bank in Ireland has enlisted the help of Skyhigh Networks to gain more insight into the cloud apps used on its network. It found 2,500 such services, not all of which are approved by IT. If an employee tries to use an unauthorised service, they are not just blocked, but informed why the app is unapproved and are given a sanctioned alternative.

“IT probably has the best handle on Outlook because deployments spring out of on-site deployments. When you get to the others [it’s different], “continued Arandjelovic. “People often use Skype, Gmail because of issues with [corporate applications].

“These services are traditionally seen as IT circumvention.”

Are you a security pro? Try our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

OpenAI ‘Finalising Design’ For In-House AI Chip

OpenAI reportedly set to finalise design for first in-house AI chip within months, putting it…

9 hours ago

DeepSeek Ends Promotional API Pricing Amidst Demand Surge

Chinese AI start-up DeepSeek discontinues promotional pricing for V3 large language model as demand surge…

9 hours ago

Researchers Deliver High-Performance AI Model For Under $50

US researchers say innovative technique delivers performance beating recent OpenAI model with training costs of…

10 hours ago

BYD To Equip Nearly All EVs With Driving Automation

World's biggest EV maker BYD to bring advanced self-driving features to nearly all vehicles, in…

10 hours ago

International Tensions Surface At Paris AI Summit

China representative at AI Action Summit says tensions with US hindering safety efforts, trades barbs…

11 hours ago

France, EU Promise Simplified Regulation For AI Growth

At AI Action Summit, French president Macron, EU digital chief promise to 'simplify' red tape…

20 hours ago