Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

4/30/2019
10:30 AM
Larry Loeb
Larry Loeb
Larry Loeb
50%
50%

Shadow IT & Unsecured Data Still Rampant Within the Digital Workplace

The digital workplace is full of opportunities for improvement.

Igloo software created a report in 2018 about how the digital workplace was changing, The State of the Digital Workplace. This year, they revisited the topic, and asked some of the same questions.

They polled 2,000 individuals at companies with more than 250 employees, and compared the answers to last year's.

Some interesting results were shown. Survey respondents highlighted four main focus areas that suggest the worth of an investment in a digital workplace platform will be shown in how it centralizes communication, collaboration, knowledge management, as well as improving overall culture and employee engagement.

The survey found approximately seven in ten employees (69%) who work remotely report that they are dealing with challenges they do not think that they would encounter in an office setting.

Fifty-six percent of those surveyed said they have missed out on important information, 54% have been excluded from meetings and 43% have found certain people or groups inaccessible as a result of working away from the office.

There is an inverse relationship between employee seniority and working remotely. Junior employees are more likely to work at an office location than directors and above who report an 80% level of working remotely at least once per week.

Ninety-one percent of employees feel confident their knowledge-sharing tools would only allow access to authorized individuals. Yet employee behavior is risky when it comes to sharing sensitive or private information. Sixty-nine percent admit to using email to store or share this information, 26% have used instant messaging and just 14% use secure FTP.

As for shadow IT, where employees use their own apps and infrastructure, 50% said they used an application or piece of software not approved by their companies. Fifty-five percent of these employees said they did so because it could not be monitored or tracked by their companies, and 62% said they use unsanctioned apps because of their ease of use.

Indeed, 76% of respondents say that using their own apps saves them between one and three hours per week.

If an enterprise undertakes a thorough audit of both approved and non-approved technology that is used by their employees, they may learn greatly about the day-to-day functions that are being practiced. There are probably going to be ways to do things better hiding in there as well.

In 2019, 81% of those surveyed said they have used their company's intranet within the previous week, which is up from 75% the previous year.

There has also been an increase over last year in employees reporting difficulty finding the right documents. Forty-three percent of employees have avoided sharing a document with a colleague because they couldn't find it or believed it would take too long to find, up 12% from last year's 31%.

Thirty-five percent of entry-level employees have avoided sharing a document for this reason as compared to 46% of manager-level employees and 53% of director-level and above (director, VP, President, and C-Suite).

So, the digital workplace is full of opportunities for improvement, including better support of remote workers, keeping information secure and making documents easy to access across an increasingly connected workforce.

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading,  9/28/2020
Attacker Dwell Time: Ransomware's Most Important Metric
Ricardo Villadiego, Founder and CEO of Lumu,  9/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20902
PUBLISHED: 2020-10-01
Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and from 3.5.0 before 3.5.1.
CVE-2019-20903
PUBLISHED: 2020-10-01
The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in link targets.
CVE-2020-25288
PUBLISHED: 2020-09-30
An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of arbitra...
CVE-2020-25781
PUBLISHED: 2020-09-30
An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.
CVE-2020-25830
PUBLISHED: 2020-09-30
An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bug_actiongroup_page.php.