Connect with us

Hi, what are you looking for?


Cloud Security

Many IT Pros Ignore Security Policy in Order to Do Their Jobs: Survey

Just like clouds can hide sunshine, they can also hide user activity from the security controls deployed by the business in the world of IT.

Just like clouds can hide sunshine, they can also hide user activity from the security controls deployed by the business in the world of IT.

According to a survey of 1,000 consumers by ResearchNow, a third of the IT professionals and administrators said they had downloaded an application they were not authorized to use on a corporate device in order to do their job. That number compared to just 15 percent of respondents overall. In addition, 67 percent of IT pros and administrators admitted to downloading an app they use for work on a personal device such as a phone, laptop or tablet.

“It is clear that employees, in particular the IT department, only want to do the very best for their companies and will seek out ways to be more efficient and produce quality work,” said Gil Zimmerman, CEO and co-founder of CloudLock, in a statement. “As a business owner, why would you want to get in their way?”

CloudLock commissioned the survey, which also found that nearly one-third of IT respondents said they had knowingly ignored a security policy/best practice in order to do their job. Only 16 percent of those in other professions said they had done so.

The survey echoes a similar study performed recently by CipherCloud, which found that unsanctioned use of cloud applications is widespread. According to CipherCloud, the average global enterprise uses more than 1,100 cloud applications, with the typical North American enterprise using more than 1,245. However the study found that 86 percent of cloud applications used by enterprises are unsanctioned ‘shadow IT’.

Likewise, a survey last year from the Cloud Security Alliance (CSA) argued that many enterprises underestimate the number of cloud applications their employees are running as well.

“Rampant cloud adoption has given shadow IT a far bigger footprint than previously recognized,” said Pravin Kothari, founder and CEO of CipherCloud, in a statement. “This introduces a multi-pronged problem for companies. It is hard, if not impossible, to protect against something you cannot see. And worse, each unsanctioned application is a vehicle for introducing a host of other risks into the enterprise.”

The bring-your-own device trend continues to pose challenges as well. According to the CloudLock study, nearly a third of people have downloaded an application on their personal devices that they needed to log into with their work/network credentials. For IT pros, that number jumps to 53 percent.

Advertisement. Scroll to continue reading.

“Companies need to allow employees to work how they want to work and arm them with the tools needed to drive company innovation, collaboration and ultimately growth while providing broad guardrails to ensure critical company assets are protected,” said Zimmerman.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.


People on the Move

Data security startup Reco adds Merritt Baer as CISO

Chris Pashley has been named CISO at Advanced Research Projects Agency for Health (ARPA-H).

Satellite cybersecurity company SpiderOak has named Kip Gering as its new Chief Revenue Officer.

More People On The Move

Expert Insights