theDocumentId => 751139 Shadow IT & Unsecured Data Still Rampant Within the ...

Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

4/30/2019
10:30 AM
Larry Loeb
Larry Loeb
Larry Loeb
50%
50%

Shadow IT & Unsecured Data Still Rampant Within the Digital Workplace

The digital workplace is full of opportunities for improvement.

Igloo software created a report in 2018 about how the digital workplace was changing, The State of the Digital Workplace. This year, they revisited the topic, and asked some of the same questions.

They polled 2,000 individuals at companies with more than 250 employees, and compared the answers to last year's.

Some interesting results were shown. Survey respondents highlighted four main focus areas that suggest the worth of an investment in a digital workplace platform will be shown in how it centralizes communication, collaboration, knowledge management, as well as improving overall culture and employee engagement.

The survey found approximately seven in ten employees (69%) who work remotely report that they are dealing with challenges they do not think that they would encounter in an office setting.

Fifty-six percent of those surveyed said they have missed out on important information, 54% have been excluded from meetings and 43% have found certain people or groups inaccessible as a result of working away from the office.

There is an inverse relationship between employee seniority and working remotely. Junior employees are more likely to work at an office location than directors and above who report an 80% level of working remotely at least once per week.

Ninety-one percent of employees feel confident their knowledge-sharing tools would only allow access to authorized individuals. Yet employee behavior is risky when it comes to sharing sensitive or private information. Sixty-nine percent admit to using email to store or share this information, 26% have used instant messaging and just 14% use secure FTP.

As for shadow IT, where employees use their own apps and infrastructure, 50% said they used an application or piece of software not approved by their companies. Fifty-five percent of these employees said they did so because it could not be monitored or tracked by their companies, and 62% said they use unsanctioned apps because of their ease of use.

Indeed, 76% of respondents say that using their own apps saves them between one and three hours per week.

If an enterprise undertakes a thorough audit of both approved and non-approved technology that is used by their employees, they may learn greatly about the day-to-day functions that are being practiced. There are probably going to be ways to do things better hiding in there as well.

In 2019, 81% of those surveyed said they have used their company's intranet within the previous week, which is up from 75% the previous year.

There has also been an increase over last year in employees reporting difficulty finding the right documents. Forty-three percent of employees have avoided sharing a document with a colleague because they couldn't find it or believed it would take too long to find, up 12% from last year's 31%.

Thirty-five percent of entry-level employees have avoided sharing a document for this reason as compared to 46% of manager-level employees and 53% of director-level and above (director, VP, President, and C-Suite).

So, the digital workplace is full of opportunities for improvement, including better support of remote workers, keeping information secure and making documents easy to access across an increasingly connected workforce.

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-37436
PUBLISHED: 2021-07-24
Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing pers...
CVE-2021-32686
PUBLISHED: 2021-07-23
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and ...
CVE-2021-32783
PUBLISHED: 2021-07-23
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy rem...
CVE-2021-3169
PUBLISHED: 2021-07-23
An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.
CVE-2020-20741
PUBLISHED: 2021-07-23
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if t...