News Feature | September 9, 2014

Are Your Clients In Danger From Shadow Cloud Services?

Christine Kern

By Christine Kern, contributing writer

Shadow Cloud Services Danger

VARs and MSPs Need to Be Aware of What Their Customers Are Actually Using

The rise of Shadow IT situations has created a new challenge in the IT world. Shadow cloud services now pose a growing risk to enterprises, as SaaS (Software-as-a–Service) apps are growing rapidly and can jeopardize enterprises if they are not addressed. 

Employees who bypass company-approved technologies to use shadow cloud services are putting the overall company and network at risk for more data breaches, compliance failures, and a loss of integrity during business transactions, according to PricewaterhouseCoopers (PwC).

IT departments have been able to reduce some shadow IT problems by instituting policies surrounding the bring-your-own-device (BYOD) trend, but as cloud computing continues to gain popularity and more employees use the cloud on their personal devices, shadow cloud has added a new level of risk.

“The culture of consumerization within the enterprise — having what you want, when you want it, the way you want it, and at the price you want it — coupled with aging technologies and outdated IT models, has propelled cloud computing into favor with business units and individual users,” PwC states in the report.

“(Shadow cloud) is harder to find, because it is being procured at small cost and is no longer operating within the bounds of the company,” Cara Beston, cloud risk assurance leader at PwC, says in Computerworld.

Some typical use cases for shadow cloud services include collaboration software, storage, customer relationship management apps, and human resources. The SaaS delivery model allows business units and workgroups to quickly deal with business process challenges without having to wait for IT to help out. The fact that the cost for such services is usually an operating expense rather than a capital expense is another advantage.

Risks include inadvertent exposure of regulated data, improper access and control over protected and confidential data and intellectual property and breaching of rules pertaining to how some data should be handled. The PwC report also adds that shadow cloud use can increase overall operating costs, in part due to the additional security and compliance risks.

In his blog post “Rogue Apps: From Customer Headache To Recurring Revenue Boon,” Business Solutions editor in chief Mike Monocello provides VARs with perspective on the opportunity created by businesses struggling to get unauthorized apps under control: “If you’re not selling services, offering something like this could be a great first step, or wedge. A wedge product or solution forces open the door to new customers or, more importantly to break-fix VARs, allows you to upsell a service to existing customers. Indeed, an application discovery and management tool might be a simple-to-understand, affordable, and valuable service you can offer customers and dip your toes in the as-a-Service pool.”