Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

4/30/2019
10:30 AM
Larry Loeb
Larry Loeb
Larry Loeb
50%
50%

Shadow IT & Unsecured Data Still Rampant Within the Digital Workplace

The digital workplace is full of opportunities for improvement.

Igloo software created a report in 2018 about how the digital workplace was changing, The State of the Digital Workplace. This year, they revisited the topic, and asked some of the same questions.

They polled 2,000 individuals at companies with more than 250 employees, and compared the answers to last year's.

Some interesting results were shown. Survey respondents highlighted four main focus areas that suggest the worth of an investment in a digital workplace platform will be shown in how it centralizes communication, collaboration, knowledge management, as well as improving overall culture and employee engagement.

The survey found approximately seven in ten employees (69%) who work remotely report that they are dealing with challenges they do not think that they would encounter in an office setting.

Fifty-six percent of those surveyed said they have missed out on important information, 54% have been excluded from meetings and 43% have found certain people or groups inaccessible as a result of working away from the office.

There is an inverse relationship between employee seniority and working remotely. Junior employees are more likely to work at an office location than directors and above who report an 80% level of working remotely at least once per week.

Ninety-one percent of employees feel confident their knowledge-sharing tools would only allow access to authorized individuals. Yet employee behavior is risky when it comes to sharing sensitive or private information. Sixty-nine percent admit to using email to store or share this information, 26% have used instant messaging and just 14% use secure FTP.

As for shadow IT, where employees use their own apps and infrastructure, 50% said they used an application or piece of software not approved by their companies. Fifty-five percent of these employees said they did so because it could not be monitored or tracked by their companies, and 62% said they use unsanctioned apps because of their ease of use.

Indeed, 76% of respondents say that using their own apps saves them between one and three hours per week.

If an enterprise undertakes a thorough audit of both approved and non-approved technology that is used by their employees, they may learn greatly about the day-to-day functions that are being practiced. There are probably going to be ways to do things better hiding in there as well.

In 2019, 81% of those surveyed said they have used their company's intranet within the previous week, which is up from 75% the previous year.

There has also been an increase over last year in employees reporting difficulty finding the right documents. Forty-three percent of employees have avoided sharing a document with a colleague because they couldn't find it or believed it would take too long to find, up 12% from last year's 31%.

Thirty-five percent of entry-level employees have avoided sharing a document for this reason as compared to 46% of manager-level employees and 53% of director-level and above (director, VP, President, and C-Suite).

So, the digital workplace is full of opportunities for improvement, including better support of remote workers, keeping information secure and making documents easy to access across an increasingly connected workforce.

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31923
PUBLISHED: 2021-09-24
Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation.
CVE-2021-41581
PUBLISHED: 2021-09-24
x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' termination.
CVE-2021-41583
PUBLISHED: 2021-09-24
vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote authenticated users to obtain OS filesystem access, because of the interaction of QR codes with an exec that uses the -r option. This can be leveraged to obtain additional VP...
CVE-2021-41584
PUBLISHED: 2021-09-24
Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header.
CVE-2020-19949
PUBLISHED: 2021-09-23
A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML.