Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

4/30/2019
10:30 AM
Larry Loeb
Larry Loeb
Larry Loeb
50%
50%

Shadow IT & Unsecured Data Still Rampant Within the Digital Workplace

The digital workplace is full of opportunities for improvement.

Igloo software created a report in 2018 about how the digital workplace was changing, The State of the Digital Workplace. This year, they revisited the topic, and asked some of the same questions.

They polled 2,000 individuals at companies with more than 250 employees, and compared the answers to last year's.

Some interesting results were shown. Survey respondents highlighted four main focus areas that suggest the worth of an investment in a digital workplace platform will be shown in how it centralizes communication, collaboration, knowledge management, as well as improving overall culture and employee engagement.

The survey found approximately seven in ten employees (69%) who work remotely report that they are dealing with challenges they do not think that they would encounter in an office setting.

Fifty-six percent of those surveyed said they have missed out on important information, 54% have been excluded from meetings and 43% have found certain people or groups inaccessible as a result of working away from the office.

There is an inverse relationship between employee seniority and working remotely. Junior employees are more likely to work at an office location than directors and above who report an 80% level of working remotely at least once per week.

Ninety-one percent of employees feel confident their knowledge-sharing tools would only allow access to authorized individuals. Yet employee behavior is risky when it comes to sharing sensitive or private information. Sixty-nine percent admit to using email to store or share this information, 26% have used instant messaging and just 14% use secure FTP.

As for shadow IT, where employees use their own apps and infrastructure, 50% said they used an application or piece of software not approved by their companies. Fifty-five percent of these employees said they did so because it could not be monitored or tracked by their companies, and 62% said they use unsanctioned apps because of their ease of use.

Indeed, 76% of respondents say that using their own apps saves them between one and three hours per week.

If an enterprise undertakes a thorough audit of both approved and non-approved technology that is used by their employees, they may learn greatly about the day-to-day functions that are being practiced. There are probably going to be ways to do things better hiding in there as well.

In 2019, 81% of those surveyed said they have used their company's intranet within the previous week, which is up from 75% the previous year.

There has also been an increase over last year in employees reporting difficulty finding the right documents. Forty-three percent of employees have avoided sharing a document with a colleague because they couldn't find it or believed it would take too long to find, up 12% from last year's 31%.

Thirty-five percent of entry-level employees have avoided sharing a document for this reason as compared to 46% of manager-level employees and 53% of director-level and above (director, VP, President, and C-Suite).

So, the digital workplace is full of opportunities for improvement, including better support of remote workers, keeping information secure and making documents easy to access across an increasingly connected workforce.

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32089
PUBLISHED: 2021-05-11
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on Zebra (formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed through the web interface. This can lead to information disclosure and c...
CVE-2020-24586
PUBLISHED: 2021-05-11
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted us...
CVE-2020-24587
PUBLISHED: 2021-05-11
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and...
CVE-2020-24588
PUBLISHED: 2021-05-11
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802....
CVE-2020-26139
PUBLISHED: 2021-05-11
An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and...