Employees In the Dark on Cloud Policies

By | Nov 15, 2012

The development and evolution of cloud computing is a double-edged sword for midsize businesses. The technology enables companies to streamline processes and scale resources to meet the needs of the organization--all the while reducing or eliminating overhead--but just like with mobile computing, employees can abuse the cloud and put a business at risk.

Symantec released a study in November, "The Myth of Keeping Critical Business Information Out of Clouds," that reveals just how common abuse of cloud services is in the workplace. According to the 165 IT managers and staffers questioned, most employees use unauthorized cloud services behind the IT department's back; around 80 percent of workers access email and communications services, file-sharing software, online storage services, and contact manager applications without permission.

It might not just be negligence causing employees to skirt formal policies. "The majority of employees do not think there is a policy to control their use of cloud applications or they have no idea--they just do whatever they want," according to the report.

What's worse, most workers are unaware of the consequences related to policy violations or assume there are no consequences at all. On the flip side, however, 81 percent of IT administrators claimed their organization had clear consequences for "going rogue."

Employees who go behind the backs of IT staff and access unauthorized services are often unaware of the dangers of using cloud-based applications unsupervised. Workers see the benefits of the cloud, but aren't as clear on the risks--or feel that the benefits outweigh the risks.

IT admins, on the other hand, understand how simple it is for hackers to obtain passwords from users through social engineering attempts like phishing. "If a cyber criminal is able to dupe an employee into coughing up his password for Dropbox--in which the user has been storing sensitive customer data--then the company has been unwittingly exposed to data theft," wrote InfoWorld's Ted Samson. As a result, more than half of IT admins questioned believe cloud apps are just as useful as they are a liability.

Midsize businesses can follow in the footsteps of IBM and block popular applications like Dropbox and iCloud, but shouldn't forget to educate end-users on the organization's cloud policy, the repercussions of ignoring security protocols, and the methods cyber criminals use to steal confidential data from the cloud. IT might not need expect backlash, either: Based on Symantec's findings, "only 1 in 10 [employees] feels cloud policies are too restrictive."

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.

IBM Solution Security & Resiliency

IBM IT security expertise can help medium-sized businesses develop, implement and maintain comprehensive strategies to combat ever-evolving security threats without increasing complexity, cost, or resources required for administration.

Learn More »

More on This Topic

Three Security Concerns for 2016

By Allan Pratt on Dec 4, 2015
As we near the end of 2015, what will 2016 look like in the information security sector? Undoubtedly there be an increase in data breaches across all industries, but will businesses take the high road and inform their customers and ...