Please ensure Javascript is enabled for purposes of website accessibility

Cloud Computing and the Risks of Shadow IT

Cloud Computing and the Risks of Shadow IT

We’ve written at length about the many benefits that cloud computing can bring to your business, such as lower costs, faster time-to-delivery, improved reliability, improved scalability, etc. However, with all of these benefits come risks that many businesses ignore or don’t even realize are present. The proliferation of inexpensive (or free, which can present its own set of problems) browser-based cloud services and solutions allows business users to effectively be independent of any business or IT oversight, creating what is commonly called “Shadow IT.”

Technology consulting firm PricewaterhouseCoopers (PwC), in a recently published report, stated “the culture of consumerization within the enterprise — having what you want, when you want it, the way you want it, and at the price you want it — coupled with aging technologies and outdated IT models, has propelled cloud computing into favor with business units and individual users.” The risks from shadow IT include issues with data security, transaction integrity, business continuity and regulatory compliance, technology and service (and cost) redundancies, among many other risks.

Business users often blame IT for being too rigid and slow to respond to changing business needs. IT providers – whether in-house or outsourced – are tasked with long-term IT sustainability, manageability, solution compatibility, and support; in other words, long-term, cost-effective IT strategy. Complex IT infrastructures require careful planning in order to ensure changes are well-integrated with existing systems and processes. Business users who want a solution now often skip through a lot of the due-diligence that would normally fall to the IT department, and forget to think about things such as security and proper service level agreements when looking at cloud providers.

Take, for example, Dropbox, the popular file-sharing and synchronization solution. Dropbox is extremely powerful and has a free/basic option that provides users with 2 GB of storage. A lot of business data can be stored in 2 GB! The recently-announced improvements to Dropbox Pro, the lowest-cost paid tier of service, allows users to store 1 TB of data in the cloud for $99.99/year. A departing or disgruntled employee could, with 1 TB of storage, copy most or all of your business data off-site and you’d never know it! We at Colden Company have seen many business users using the consumer-focused Dropbox Basic plan for business files, but what works for family pictures may not be the best solution for business files, opening the business to unacceptable security, legal, and financial risk.

Consider just a few of the risks something as seemingly innocuous as Dropbox file syncing can present to your business.

  • Data theft – Business owners may not know when Dropbox is installed, and are unable to control what data employees are creating on or synchronizing to personal devices (smartphones, tablets, personal computers, etc.). These personal devices exponentially increase the risk of business data falling into the wrong hands.
  • Data loss – Dropbox allows employees to create – and delete – data on the service that does not synchronize to any in-house (i.e. backed-up) source. Dropbox has some built-in backup and recovery features, but they are insufficient for most business data retention needs.
  • Law suits and compliance violations – Companies in regulated industries face a real risk of becoming non-compliant with data security and privacy obligations without even realizing it. Dropbox offers the ability for users to share data from the service with anyone and offers limited in-service file access controls for shared Dropboxes.
  • Security – Dropbox does not encrypt any locally or cloud-stored data.

While we are using Dropbox as an example, the same risks are present for many free or inexpensive cloud services that can be easily implemented without business or IT oversight. Other services that can present business exposure include data sync and sharing services such as Box, Google Drive (Docs), or Microsoft OneDrive; cloud backup services such as Carbonite, Mozy, or CrashPlan; or even business solutions that can contain critical data such as, Microsoft Dynamics, or Basecamp.

The good news for business owners is that there are cost-effective alternatives to all of the above-listed services/solutions that can be managed by business owners and IT providers. By reviewing the business needs of users and working in conjunction with your IT provider, a managed, secure, and reliable solution that is well-integrated with your existing IT investments can always be identified. Whether it’s file synchronization, backup, remote data access, CRM, or any cloud solution, shadow IT will put your business at unnecessary risk.

Work with Colden Company to reduce the risk of shadow IT by allowing us to identify carefully tested, secure, and integrated solutions for your cloud service needs. Protect your existing IT investments and your business by taking control with a trusted IT advisor. Contact your trusted IT advisor at 888-600-4560, via email at, or via Facebook or Twitter.



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© 2023 Colden Company