CIO’s today are faced with a dilemma. On one hand more and more data is moving to the cloud. Increasing numbers of corporate users are demanding better ways to access, store, manage and share their data with others across multiple devices. But on the other hand, public cloud services like Dropbox that make this possible can have major drawbacks for IT teams in terms of privacy, security and control.
IT leaders need to find an answer before a rising tide of ‘Shadow IT’ drowns UK firms into security risk, compliance trouble and spiraling costs.
Storage is booming
It might be hard to believe given the huge media following to the likes of Dropbox, Box, Google Drive, Apple iCloud, Amazon Cloud Drive and more, but the market for these services is miniscule compared to traditional enterprise storage. The truth is that enterprise IT teams spend most of their storage budget on hardware – $50bn worth annually in fact, compared to just $500m on specialist cloud services. While the market for the latter is widely believed to be slowing, traditional storage hardware is growing every year, at around 10%.
Why is in-house hardware so often the favoured choice for storage? It offers control to IT departments over data location, allowing them to make the most of existing infrastructure investments. There’s also a long-held belief that the IT team can do data security and compliance better than a third party provider.
The Dropbox Effect
The problem for IT is that storage users don’t see it that way. They’ve been spoiled by Dropbox and other innovative cloud providers who’ve reinvented file sharing for the mobile era. They want to access data from any device, anywhere, any time; they want files synced so everyone’s working from the same page; and they want to be able to share even large files with ease, simply by sending a link.
If this could all be managed in a secure, compliant, enterprise-grade manner in-house, there wouldn’t be a problem. But with public cloud services, it simply isn’t a choice. In short, it’s time for IT to start worrying.
Interviews with 100 IT decision makers revealed that despite nearly all (90%) of them admitting that sharing sensitive data in the public cloud poses a level of risk, a worrying 64% don’t monitor or check employee activity. What’s more, even if these services are banned, it doesn’t stop determined staff. Over two-thirds (69%) of IT leaders said they thought at least some of their staff were using public cloud storage services regardless of policy.
Risky business
This growing problem of so-called “Shadow IT” has severe consequences. It’s no surprise that over a quarter of IT leaders claimed public cloud use was the greatest risk to their organisation, and 13% admitted they had already lost or had exposed sensitive corporate data in this way. From the notorious iCloud celebrity photo hack, to Dropbox accounts being illegally accessed after an employee was hacked – the cautionary tales are everywhere to see.
The truth is that public cloud storage services are not fit for enterprise use. But the irresistible pull of ‘Shadow IT’ means users will always look for the easiest way to get their jobs done. If current decades of old enterprise file sharing protocols aren’t meeting this need, then IT leaders need to rethink things.
First they need to stop staff using public cloud services, and that means monitoring usage in a far more systematic and rigorous manner than is happening in many UK enterprises today. Alongside they need to educate employees so they understand why this is happening and what the potential repercussions of disobeying IT policy could be. It’s regrettable that only 36% of respondents to recent research said they provide training on file and data sharing.
Finally, and most importantly, they need to rethink their file sharing strategy. IT’s role fundamentally is to support the business – which means ensuring staff are as productive and agile as they possibly can be. If employees are seeking out unsafe public cloud products then there must be something wrong with the enterprise storage systems you’ve been ploughing money into all these years.
Look for a new solution. What’s needed is something that can marry the best elements of traditional enterprise kit – security, control, manageability – with a more user-friendly cloud approach to keep users happy and productive.
[su_box title=”About Geraldine Osman” style=”noise” box_color=”#336588″]
Geraldine Osman is VP International Marketing at Connected Data. She has over 18 years of technology marketing leadership experience, much of which was gained specialising in storage and security. Geraldine has worked extensively with pioneering technologies to bring them to new markets and geographies, defining go-to-market strategies that deliver fast adoption of next generation technology.
Geraldine joined Connected Data in 2014 and is responsible for all marketing aspects including thought leadership, market category creation, field marketing and strategic pipeline planning. Prior to joining Connected Data, Geraldine worked for Barracuda Networks where she was responsible for establishing the marketing function in EMEA and accelerating regional growth leading in to their successful IPO.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.