Site iconAxway Blog

GDPR overexposes Shadow IT

GDPR overexposes Shadow IT

GDPR overexposes Shadow IT

Cloud computing paves the way for Shadow IT

Shadow IT is described as IT solutions used within a company without organizational approval. It’s the IT activity that takes place in the shadows without the usual security and control requirements on data placed under the responsibility of the company.

Shadow IT predates the cloud when many employees downloaded and installed their own software to achieve tasks. Since cloud solutions come with an easy-to-consume (starting with Freemium account) and easy-to-use paradigm, the potential lack of control is astounding. Symantec states that “organizations use 20 times more cloud apps than they think.”1 Corporate IT security professionals estimate they have 30 to 40 apps in the cloud when the reality is a staggering 928 apps.

Shadow IT does not meet security requirements

The main reason for shadow IT emerged was usability and price. Security is still not considered by end users and is often seen as a constraint. As a consequence, “only 8.1% of cloud services meet enterprise security and compliance requirements, “2 states a recent Skyhigh networks report.

Shadow IT: the digital workplace and CCPs

In addition to a focus on the digital workplace, shadow IT also relies on Content Collaboration Platforms (CCP) as defined by Gartner in a recent Magic Quadrant report. “Of the 1,427 cloud services used by the average company, 342 are related to collaboration, file sharing, content sharing”2 (Skyhigh networks report). In addition, “25% of all files shared in the cloud are broadly shared” 1 (Symantec). According to Symantec, this shared data contains personal data for “3% of those shared files contain current compliance related data (PCI, PII, PHI).”1

GDPR overexposes Shadow IT

The European Union’s new GDPR (General Data Protection Regulation) is a game-changing regulation that will bring a new focus to shadow IT for any company doing business in Europe. When the rules take effect in May 2018, the GDPR will require:

What to do now?

No one can stop the move to GDPR. It’s time to standardize existing EFSS solutions into one that:

Besides GDPR compliance, there are other immediate rewards for standardizing on an industry-leading, secure solution such as reduced costs and easier collaboration for all employees.

GDPR is coming, and it’s coming fast. If your organization is guilty of a lot of shadow IT, take the time to get your IT business in order. Your company’s image, revenue and data will thank you.

Check out further information for more detailed reports and information.

[1] Symantec: 2H 2016 Shadow Data Report

[2] Skyhigh networks report: Cloud adoption risk report Q4 2016

Exit mobile version