Out-Law News 1 min. read
18 Jan 2013, 12:32 pm
Symantec said that nearly 1,000 of the 3,236 business and IT executives within global organisations of all sizes it had surveyed about the ‘hidden costs of cloud’ had simultaneously reported rogue cloud use within their firm and the loss of confidential information last year. Symantec defined 'rogue clouds' as "business groups implementing public cloud applications that are not managed by or integrated into the company’s IT infrastructure".
The primary reason why businesses allowed rogue use of cloud was to save money, according to Symantec.
"Perhaps the sales manager signs his department up for Salesforce without thinking to consult IT," Symantec said in a new report (11-page / 4.62MB PDF). "Or perhaps marketing shares important launch materials with outside vendors via an unauthorized Dropbox account. In either case the organization has put sensitive information into the cloud without organizational oversight. It’s a surprisingly common problem, found in three-quarters of all organizations. It also seems to be an issue experienced more by enterprises (83%) than SMBs (70%)."
"Among those who reported rogue cloud deployments, 40% experienced the exposure of confidential information, and more than a quarter faced account takeover issues, defacement of Web properties, or stolen goods or services," it said. "So why are organizations doing it? One in five don’t realize they shouldn’t. However, the most commonly cited reason for these rogue cloud projects was to save time and money: going through IT would make the process more difficult."
Symantec said that 94% of respondents to its survey had said that cloud or cloud services had been at least discussed within their organisation. More than three quarters (77%) reported there had been "rogue cloud deployments" last year.
The security provider said that other "hidden costs" that survey respondents had flagged about using cloud platforms included in relation to the "complicated" nature of allowing for data backup and recovery. In addition, 34% of respondents said their companies had been asked to provide information stored in the cloud as part of an 'eDiscovery' request last year. However, 66% of those companies missed their deadline to provide information, according to the Symantec report. This could potentially lead to "fines or compromised legal positions", it said.
“By taking control of cloud deployments, companies can seize advantage of the flexibility and cost savings associated with the cloud, while minimising the data control and security risks linked with rogue cloud use,” Francis deSouza, group president of enterprise products and services at Symantec, said in a statement.
