By Jean-Claude Bellando
Cloud computing paves the way for shadow IT
Shadow IT is described as IT solutions used within a company without organizational approval. It’s the IT activity that takes place in the shadows without the usual security and control requirements on data placed under the responsibility of the company.
Shadow IT predates the cloud when many employees downloaded and installed their own software to achieve tasks. Since cloud solutions come with an easy-to-consume (starting with freemium account) and easy-to-use paradigm, the potential lack of control is astounding. Symantec states that "organizations use 20 times more cloud apps than they think."1 Corporate IT security professionals estimate they have 30 to 40 apps in the cloud, when the reality is a staggering 928 apps.
Shadow IT does not meet security requirements
The main reason shadow IT emerged was usability and price. Security is still not considered by end users and is often seen as a constraint. As a consequence, "only 8.1% of cloud services meet enterprise security and compliance requirements,"2 states a recent Skyhigh networks report.
Shadow IT: the digital workplace and CCPs
In addition to a focus on the digital workplace, shadow IT also relies on Content Collaboration Platforms (CCP) as defined by Gartner in a recent Magic Quadrant report. “Of the 1,427 cloud services used by the average company, 342 are related to collaboration, file sharing, content sharing”2 (Skyhigh networks report). In addition, “25% of all files shared in the cloud are broadly shared” 1 (Symantec). According to Symantec, this shared data contains personal data for “3% of those shared files contains current compliance related data (PCI, PII, PHI)”1.
The digital workplace in a GDPR perspective
The European Union’s new GDPR (General Data Protection Regulation) is a game-changing regulation that will bring a new focus to shadow IT for any company doing business in Europe. When the rules take effect in May 2018, the GDPR will require:
What to do now?
No one can stop the move to GDPR. It’s time to standardize existing EFSS solutions into one that:
Besides GDPR compliance, there are other immediate rewards to standardizing on an industry leading, secure solution such as reduced costs and easier collaboration for all employees. GDPR is coming, and it’s coming fast. If your organization is guilty of a lot of shadow IT, take the time to get your IT business in order. Your company’s image, revenue, and data will thank you.
 Symantec: 2H 2016 Shadow Data Report
 Skyhigh networks report: Cloud adoption risk report Q4 2016