Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Many IT Pros Ignore Security Policy in Order to Do Their Jobs: Survey

Just like clouds can hide sunshine, they can also hide user activity from the security controls deployed by the business in the world of IT.

Just like clouds can hide sunshine, they can also hide user activity from the security controls deployed by the business in the world of IT.

According to a survey of 1,000 consumers by ResearchNow, a third of the IT professionals and administrators said they had downloaded an application they were not authorized to use on a corporate device in order to do their job. That number compared to just 15 percent of respondents overall. In addition, 67 percent of IT pros and administrators admitted to downloading an app they use for work on a personal device such as a phone, laptop or tablet.

“It is clear that employees, in particular the IT department, only want to do the very best for their companies and will seek out ways to be more efficient and produce quality work,” said Gil Zimmerman, CEO and co-founder of CloudLock, in a statement. “As a business owner, why would you want to get in their way?”

CloudLock commissioned the survey, which also found that nearly one-third of IT respondents said they had knowingly ignored a security policy/best practice in order to do their job. Only 16 percent of those in other professions said they had done so.

The survey echoes a similar study performed recently by CipherCloud, which found that unsanctioned use of cloud applications is widespread. According to CipherCloud, the average global enterprise uses more than 1,100 cloud applications, with the typical North American enterprise using more than 1,245. However the study found that 86 percent of cloud applications used by enterprises are unsanctioned ‘shadow IT’.

Likewise, a survey last year from the Cloud Security Alliance (CSA) argued that many enterprises underestimate the number of cloud applications their employees are running as well.

“Rampant cloud adoption has given shadow IT a far bigger footprint than previously recognized,” said Pravin Kothari, founder and CEO of CipherCloud, in a statement. “This introduces a multi-pronged problem for companies. It is hard, if not impossible, to protect against something you cannot see. And worse, each unsanctioned application is a vehicle for introducing a host of other risks into the enterprise.”

The bring-your-own device trend continues to pose challenges as well. According to the CloudLock study, nearly a third of people have downloaded an application on their personal devices that they needed to log into with their work/network credentials. For IT pros, that number jumps to 53 percent.

Advertisement. Scroll to continue reading.

“Companies need to allow employees to work how they want to work and arm them with the tools needed to drive company innovation, collaboration and ultimately growth while providing broad guardrails to ensure critical company assets are protected,” said Zimmerman.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Conversations

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.