An overwhelming majority of UK CIOs (76%) don’t know how much their organisation is spending on cloud services, according to a new research report released today by Trustmarque, part of Capita plc. This is due to the increasing rise in employee-driven ‘cloud sprawl’ and ‘Shadow IT’, which are posing a significant challenge to businesses’ cloud adoption and overall data security.
54% of IT leaders admitted they don’t know how many cloud-based services their organisation has, blaming employees being able to sign up to these services easily making it difficult for them to know exactly how many subscriptions and services the company ‘owns’.
58% went on to say they were worried that costs could spiral out of control as a result of cloud sprawl. 86% said cloud sprawl and Shadow IT makes the ongoing management of cloud services a challenge, while almost half of CIOs (45%) argued that providers could do more to warn users about costs they’re incurring when using cloud services.
While 91% of IT decision makers are looking to migrate onto on-premise apps in the next 3-5 years, 59% fear these ambitions for cloud adoption will be slowed over a lack of control on how cloud services are deployed and managed.
This lack of control also means UK companies are exposing themselves to possible data breaches and not being compliant with legal, regulatory and contractual obligations. With the impending EU General Data Protection Regulation (GDPR), this could lead to a significant financial impact, with failure to comply carrying penalties of up to ˆ20m or 4% of global annual turnover.
James Butler, CTO at Trustmarque, said: “Cloud adoption is an unstoppable force, but as this research demonstrates there are still a number of challenges facing organisations. Forward planning is everything in IT and without suitable clarity into who is using what in the organisation, there could be a nasty surprise for IT bosses down the line. That’s not to mention the high potential costs associated with any data breach resulting from such unsanctioned use, as well as the impact of extra network congestion, and even excess mobile data charges.
“The self-service, user-friendly nature of the cloud has made it easy for employees to open cloud services and this is happening on a large scale. The first step towards best practice security is knowing where your data is at all times, and how it is being used. If it is residing in cloud repositories you don’t know about, this may be breaking internal policies and could land you in regulatory hot water – especially if it’s customer data.”
Phil McCoubrey, Head of Security Architecture at Capita, said: “These findings underline the extent to which British organisations must quickly appreciate the magnitude of the potential impact of GDPR. While the regulation clearly sets out that the personal responsibility and therefore accountability lies with managing data control, which is often a job of IT leaders, there is a worrying lack of action being taken by CIOs and GDPR may be difficult for companies to achieve if IT leaders don’t exactly know where employees are storing and sending business data. GDPR is an opportunity to strengthen data security processes and improve resilience, when it is needed more than ever but for those who haven’t adopted basic principles of the Data Protection Act, there is a lot of work to do.”
