IDG News Service
A growing tendency by business units and workgroups to sign up for cloud services without any involvement from their IT organization creates serious risks for enterprises.
The risks from shadow cloud services include issues with data security, transaction integrity, business continuity and regulatory compliance, technology consulting firm PricewaterhouseCoopers (PwC) warned last week.
“The culture of consumerization within the enterprise — having what you want, when you want it, the way you want it, and at the price you want it — coupled with aging technologies and outdated IT models, has propelled cloud computing into favor with business units and individual users,” PwC said in a report.
Increasingly, workgroups and even individual users in companies are subscribing directly to cloud services for business reasons because it is easy and relatively inexpensive for them to do, said Cara Beston, cloud risk assurance leader at PwC.
“There is a new form of shadow IT and it is likely more pervasive across the company” than many might imagine, given the easy access to cloud services, Beston said. “It is harder to find, because it is being procured at small cost and is no longer operating within the bounds of the company.”
Some typical use cases for shadow cloud services include collaboration software, storage, customer relationship management apps and human resources.
The Software as a Service (SaaS) delivery model allows business units and workgroups to quickly deal with business process challenges without having to wait for IT to help out. The fact that the cost for such services is usually an operating expense rather than a capital expense is another advantage.
“Shadow cloud is happening under the radar” at many organizations, Beston said. Without governance, such cloud services present significant data security risks and the potential for technology and service redundancies.
Risks include inadvertent exposure of regulated data; improper access to and control over protected and confidential data and intellectual property; and breaches of rules pertaining to how some data should be handled.
Companies in regulated industries face a real risk of becoming non-compliant with data security and privacy obligations without even realizing it. Importantly, while many business users sign on to cloud services because of the perceived lower costs, a lack of control over how the services are being used can often result in service duplication and higher-than-anticipated operational costs, she said.
Cloud services for workgroups of between five and 10 business users can range from as little as a few hundred dollars a month to a few thousand dollars. But the costs can quickly get out of control when all the different groups that might be using similar services within an organization are counted.