• No results found

Shadow IT in the Enterprise

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Shadow IT in the Enterprise"

Copied!
7
0
0

Loading.... (view fulltext now)

Download now ( 7 Page )

Full text

(1)

Shadow IT in the Enterprise

(2)

Introduction

In today’s work environment, the proliferation of smartphones and tablets is driving mobility and a corresponding culture of convenient, “always on” access to information. More than ever before,

employees are demanding access to their files – at any time and from any device. Furthermore, this culture of access is contributing to more distributed environments, with teams in multiple offices needing to work together across the boundaries of physical locations.

Oftentimes, the expectation for convenient access from anywhere is outpacing IT’s ability to deliver. Consequently, users are turning to file-sharing solutions geared toward consumers, such as Dropbox, to fill this gap. This concept of using software solutions without IT approval is referred to as “Shadow IT”. Solutions in Shadow IT are unmanaged, unmonitored and unsupported by IT, putting the data stored in these solutions at risk of loss and exposure to unauthorized users.

Companies aware of the risks associated with Shadow IT work to eliminate, or at least mitigate, this risk by implementing policies prohibiting the use of unapproved solutions. However, policies alone are not effective; organizations must consider providing solutions that are approved by IT and deliver the functionality that users demand.

In September 2012, Nasuni conducted a survey of more than 1,300 corporate IT users to better understand employee habits regarding Shadow IT and their impact on corporate IT systems and security. This paper presents the survey results, including what users revealed about their use of consumer file sharing solutions and personal devices.

Who Uses Dropbox at Work?

Dropbox is one of the most commonly employed file sharing services in Shadow IT, offering a simple tool for file storage and sharing. According to Dropbox, the number of registered users is growing exponentially and is currently at 100 million users worldwide.1

80% 60% 40% 20% 0% Education 67% 35% & Distribution 26% Gover nment & Non-Pr ofit 37% Other 41% 46% ech, T elecom

& Utilities Healthcar

e 45% 45% e 47% 54% Manufacturing PR / Media 53% Transportation 58% Services

(3)

It is commonly understood that people use Dropbox to share personal photos, videos and documents. The question is – how many people are using Dropbox for work? And, perhaps more importantly, do organizations have a clear view into who is using Dropbox?

According to the survey, 1 out of every 5 respondents is placing work files at risk in a personal Dropbox account. In the process of leveraging file-sharing services users are storing files outside of the managed IT infrastructure in a solution that does not provide enterprise class security or control.

The frequent use of Dropbox at work, combined with the security concerns, is one of the most troubling aspects of Shadow IT. A critical step in addressing the risks is understanding who in the organization is leveraging this tool.

After an organization identifies who is leveraging Dropbox, the next step is to understand what type of files reside in it – are they public or private files? While it is possible that the files stored in Dropbox contain non-sensitive information, it is more likely that users have become accustomed to using these services for all files, including sensitive content.

The sensitive data stored in Dropbox is not secure and just as importantly, not controlled by IT. This means that if an employee leaves the company, the information that user has stored goes with them, creating a significant risk of data loss or exposure. Furthermore, as the amount of sensitive corporate data stored in Dropbox increases, the online file-sharing service will become a more attractive target for hackers and other malicious groups. 43% 34% 25% 22% 10% 8% 8% MarketingEngineering IT Operations Sales Finance Other 50% 40% 30% 20% 10% 0%

Dropbox Usage by Department

Dropbox Usage by Title

Staff and

Manager Director and VP C - Level

All Departments IT Only 21% 38% 22% 18% 33% 29% 40% 30% 20% 10% 0%

(4)

The Move to Mobile

Beyond using file-sharing services on desktops and laptops, users are leveraging smart phones and tablets to access work files, attaining the speed and flexibility they need for high productivity in a mobile world. 3 out of 5 users with a personal mobile device resort to using their own device to access work files because the company does not provide the tools they require. Dropbox usage is prevalent in the mobile world as well; after e-mail, it is the most common tool used for accessing work files on a mobile device.

As the number of devices grows, the use of Dropbox and Shadow IT will simultaneously increase to meet the demands of new users. 1 out of 4 survey respondents plan to have an additional smart phone or tablet before

the end of the year. This rapid growth of mobile devices will naturally drive demand for accessing work files; 73% of respondents who are planning to acquire a new device say they will use the device to access work files.

Policies for Protection

A critical part of implementing an effective IT policy is raising awareness of the policy among users. The survey data shows that almost half of all respondents do not know the company policy on accessing file-sharing services, indicating that these companies either do not have policies or have not effectively communicated the policy to the users. However, companies that have educated their users about corporate IT policies have not fully addressed the problem with Shadow IT either. Our survey suggests that 49% of users do not follow IT policies even when educated about the policy.

Tools Used to Access Work Files on Personal Mobile Devices

33% 25% 13% 12% 5% 4% 7% E-mail fr om myself E-mail fr om a colleagueDr opbox iCloud Ever

note Box Other 40%

30%

20%

10%

0%

Increasing Mobile Devices in the Workplace 100% 75% 50% 25% 0% No additional smart phone or tablet Additional smart phone or tablet Do not plan to access work files Plan to access work files

(5)

An effective IT policy requires both education and participation. Without sufficient knowledge and user participation, IT will continue to face challenges with Shadow IT.

Conclusion

As smart phone and tablet usage grows in adoption, the growth of Shadow IT will likely continue, fueled by users’ requirements for anytime, anywhere access to files. Furthermore, policy and education alone do not address the emergence of Shadow IT and resulting unmanaged file sharing and data exposure. In order to fully address this issue, organizations must consider providing the tools that deliver the convenient and flexible access to information that users want. Without the proper tools provided, managed, and supported by IT, users will continue to find alternative solutions and work around existing policies, leaving IT in the dark.

Company Policy for File Sharing Services and User Behavior

100% 75% 50% 25% 0% IT does not allow access Do not use file sharing services Use file sharing services IT allows access Do not know

What is the policy – access or no access? 54% of respondents work at

organizations that do not allow access to file sharing services, while 46%

work at organizations that do allow access to file sharing services.

(6)

The Respondents

More than 1,300 corporate IT users responded to the survey from a range of industries, departments and levels in the organization. In some cases, data was analyzed to compare IT vs. non-IT users to better understand the unique behaviors of the different groups. The demographic breakdown of respondents is:

16% Manufacturing 13% Retail / Wholesale 11% Financial Services 10% High Tech 9% Government 9% Executive 17% Other 20% 40% 60% 80% 100% 0% 7% Healthcare 7% Director 6% Services 6% Education 22% Other 22% Information Technology 20% Sales 17% Finance 17% Engineering 9% Operations 4% - Marketing 10% Other 36% Staff Member 30% Manager Survey Demographics

(7)

About Nasuni

Nasuni provides a remote and branch office storage solution that offers unified storage with built-in backup, replication, and offsite protection using an on-site appliance connected to the cloud. Nasuni gives enterprise IT the ability to deliver globally

distributed storage infrastructure that is completely centrally controlled and managed. IT can now provide global file access with the performance that end-users demand and a single master cloud storage system that enables consistency and control. With Nasuni, organizations can simplify IT, improve productivity, increase information security, and reduce the total cost of storage. For more information, visit www.nasuni.com.

References

Download now ( PDF - 7 Page - 734.89 KB )

Related documents

THE BEST OF CENTRAL OREGON

If you’re a beer buff, take a guided tour at Deschutes Brewery to learn more about how the craft beer scene got its start in Central Oregon, then visit a few.. of the city’s

Aryl hydrocarbon receptor promotes liver polyploidization and inhibits PI3K, ERK, and Wnt/beta-Catenin signaling

Taking into account that AhR expression promotes differentiation in different cell types ( Esser and Rannug, 2015; Mulero-Navarro and Fernandez-Salguero, 2016 ), and

D 3.1 Road Safety Inspection Schemes Review

The report must be written by the road traffic authority and contains the type of road safety inspection and the route, start and end time of the inspection, names of the

Genomic architecture and evolution of clear cell renal cell carcinomas defined by multiregion sequencing

Nonsynonymous mutations were classified into three categories: (i) category 1 ‘high confidence driver mutations’ (amino acid substitutions identical to those found previously

This is an Open Access document downloaded from ORCA, Cardiff University's institutional repository:

As some examples, we mention the operator-algebraic construction of free quantum field theories by modular localization [BGL02], the construction of boundary quantum field theory

Impact of Preventive Health Care on Indian Industry and Economy

Based on the findings of the survey, it is recommended that the private sector should adopt the following health care measures for the employers: conduct health audit of all

Certifiably Safe Software-Dependent Systems: Challenges and Directions

Combining Properties and Evidence to Support Overall Confor- mance Claims: Safety-critical system development increasingly relies on using a diverse set of verification

Coastal Carolina University. Conway, South Carolina. Proposal to the. South Carolina Commission on Higher Education.

Coastal Carolina University’s Sport Management program is positioned to offer a professional curriculum to students in a dynamic and growing industry, and in a geographic region