iLocal News Archives

Survey: Many companies are ignoring the risks of ‘Shadow IT’


By Stephanie Forshee, From Corporate Counsel

Employees commonly use cloud-based services such as Evernote and Dropbox to share their work, even though these activities often haven’t been sanctioned by the employer’s IT department. This sort of unsanctioned information sharing, known as “shadow IT,” can lead to inadvertent exposure of confidential corporate information. But many companies aren’t addressing the risks, according to a new study from legal services provider Consilio, “Risks of Cloud Apps and Shadow IT in the Workplace.”

Of the 148 legal technology professionals interviewed for the survey, more than 25 percent of respondents’ organizations “rarely” or “never” actively address security risks associated with shadow IT, while 45 percent cite that their organization addresses these risks “sometimes” and 26 percent commit to this process “very often.”

These findings confirmed what Consilio managing director John Loveland says he’s seen firsthand the last few years. “Many organizations are enabling shadow IT to enter their daily business operations without enough concern about the risks of these platforms,” he says.

This absence of oversight is concerning when you consider that 55 percent of respondents also note that workplace data stored on cloud applications is “often” or “almost always” considered in legal or investigatory matters. Loveland points out that if an organization is faced with litigation, not having proper security measures in place for shadow IT can make e-discovery a more “complicated and expensive” process.

So what can IT departments do? Loveland recommends identify a handful of useful cloud-based services and then put controls in place around them. “Certain applications provide little value with a lot of risk; you should probably take steps to block those applications,” he says.

Respondents reported that they believe the other biggest risks tied to shadow IT are: theft of intellectual property (39 percent), regulatory compliance failures (26 percent), the inability to adequately identify relevant data for e-discovery (25 percent), service outages (21 percent) and the inadequate application of document retention (16 percent).

Consilio conducted the survey last month during the LegalTech conference in New York City, hosted by Corporate Counsel parent company ALM Media.

IMAGE:Erik Khalitov / iStock

Read more:


Your email address will not be published. Required fields are marked *