Enterprise cloud adoption has reached maturity, but employees using cloud apps continue to display reckless tech habits that put their employers at risk, according to a new study by IT consultancy Softchoice.
For security admins, it may be the old cliche of poor password security, but the research found that as many as one in five employees are still keeping passwords on sticky notes in plain sight. One in four keep them in an unprotected document, and one in five lost work devices that were not password protected.
And access to the cloud seems to amplify reckless behaviour: cloud app users are two times more likely to engage in sloppy behaviour such as keeping passwords on sticky notes in plain sight, storing passwords on unprotected shared drives or docs, accessing files from an unprotected device, or losing a device with access to work files.
Employees who use cloud-based apps are also a whopping ten times more likely to shun the IT-approved app for an unsanctioned one they download themselves. They are four times more likely to access work files outside the office through a program IT doesn’t know about: one in three cloud app users have downloaded an app without letting their IT department know.
Although cloud is now thoroughly engrained in the enterprise, there still seems to be a lack of proper training around cloud app use, leading to inadequate cyber security awareness in the workplace.
The study found 58% of full-time employees haven’t been trained on the right way to download and use cloud apps. 39% haven’t been told the risks of downloading apps without IT’s knowledge, and 44% of all employees have not been told how to securely transfer corporate data.
'Risky behavior and data vulnerabilities are almost guaranteed to persist without adequate education on the apps, platforms and IT tools employees use,' said the report authors. 'Training – bolstered by regular communications and resources to reinforce the do’s and don’ts – will help employees to correct their bad user behavior, help them see the benefits of using the tools IT provides, and help them to understand the risks of shadow IT and why certain popular consumer apps don’t belong in the workplace.'
While employees gain a better understanding of IT through training and communications, IT also needs to better understand employee behaviors and preferences, experts agree.
Motivations for breaking the security rules differ based on age, with younger users more likely to go rogue than their senior colleagues. Millennials say IT's versions of apps don't improve productivity, whereas Boomers tend to say they offer a poorer user experience.
To counteract this, organisations should assess what unsanctioned apps are being used in the organisation’s environment and engage employees to identify the reasons why they stray from using sanctioned apps and IT-approved procurement processes, said Softchoice.
'They can use shadow IT as a means to get closer to users, and be seen as a business enabler, by providing employees with a choice of enterprise-grade app options that meet employee needs around productivity, compatibility, and user experience.'
The number and variety of devices that employees use for work is on the rise. IT can also take the hardware out of the equation by standardising the ‘safe list’ of vetted apps on an identity management platform, as part of a broader Enterprise Mobility Management strategy.
'Employees can then access all of their apps in one location, using a single password,' said the report. 'IT can consolidate cloud spend, monitor app use, and provision and deprovision users all from a single pane of glass – minimising risk to the organisation, while providing a user-friendly environment for all employees.'