More than two-thirds (67 per cent) of organizations admit that unauthorized cloud applications are being implemented without IT’s knowledge or involvement, and correspondingly pose a security risk to the business. This is according to a snapshot poll by Centrify, the leader in unified identity management across cloud, mobile and data center, at Cloud Expo Europe last week in London.

As Shadow IT becomes a bigger challenge for businesses – with employees downloading applications without going through a formal IT procurement process – around 40 per cent of respondents said that between 10-20 per cent of cloud services are now being purchased outside of IT. A fifth admitted that between 10-20 per cent of cloud applications are being implemented without any knowledge or involvement from IT, while half of respondents believed it was less than 10 per cent.

“It probably seems like an easy solution for people looking to cut corners and avoid having to go through the formal process of getting IT approval,” says Barry Scott, CTO EMEA at Centrify. “The problem is that so much cloud-based software is easily available and requires no IT skills whatsoever to manage, so staff are just downloading the tools they like or that will help in their work, without considering the risks.

“While half of our poll respondents were confident that less than 10 per cent of applications were being implemented without their knowledge, they are likely to be underestimating the extent of shadow IT in their organization. Without the necessary controls and security policies in place, including passwords and authentication, unauthorized cloud apps are opening up corporate data to the risk of compromise,” adds Scott.

Visitors to the Centrify stand at Cloud Expo were also asked to estimate how much time they spend managing unauthorized cloud applications – 42 per cent said between 1-2 hours per week, while 21 per cent said between 2-5 hours per week.