Shadow Cloud Services a serious risk for Government Networks

Cloud Security Alliance revealed that shadow cloud service used by employees and unmanaged by IT can pose a major security problem for organizations.

Last month, Cloud Security Alliance found out that shadow cloud service used by employees and unmanaged by IT can pose a major security problem for organizations.

Based on the survey, mostly half of respondents have stated that their main fear relates to the violations of corporate data in the cloud.  The threat posed by shadow cloud services is critical, it has serious repercussions on data security, business continuity and regulatory compliance. Security analysts have warned about how the growing use of a collection of web services, including cloud-hosted collaboration, file sharing, storage and social media services, that can expose to data leakages and data breaches company data leaks. The adoption of shadow cloud services is among the causes that can result in data exfiltration, malware infections and compliance problems.

Skyhigh Networks has recently conducted a survey that involved 200,000 employees working for organizations in the public sector based in U.S and Canada.  The study found out that there is some 721 cloud service operation running inside government organizations, but the IT departments are aware only for the eight percent of them.

Shadow cloud services represent a serious risk to both government organizations and private companies.

 “The past few years have marked a paradigm shift in IT’s role, from provider to enabler. This survey, the largest of its kind, illustrates that companies are aware of the consumerization of IT but have room to more proactively address the security concerns of cloud adoption” said Rajiv Gupta, CEO of Skyhigh.

Microsoft’s Office 365, Yammer and Hotmail were among the most popular collaboration services used by the employees working in the public sector.

The most commonly accessed file-sharing services included Dropbox, Box, Hightail and Google Drive, these cloud services are used by employees to store sensitive data a behavior that enlarge the surface of attack for government organizations.

The experts explain that also social media platforms and cloud-hosted collaboration platforms could expose government entities to cyber attacks id not properly managed.

According to Skyhigh the most popular social media services included Facebook, Twitter, LiveJournal and LinkedIn, meanwhile development services like GitHub and SourceForge are used by almost the totality of employees.

In some cases, the use of these services was approved by IT, but while in many other cases they were not with a significant impact on the security posture of the organizations.

“Government organizations tend to think of themselves as somehow different,” from private companies on the security front, said Rajiv Gupta.  “What we found is there is as much risk of shadow IT in government as any other organization. People are people. They want to do things more efficiently.” In many cases, cloud services help them do that, with or without the IT organization’s help, he says.

It is very interesting to note that government IT has no idea of the shadow cloud services used by employees, this assertion is confirmed by data related to the apparent gap that exists between the perceived use of such services within public sector organizations and their actual use.


For instance, when IT managers were asked to estimate DropBox use within their organizations, the average number tended to be around 16 percent. Actual use was much higher at 80 percent. Similarly, the gap between perceived and actual use of Apple’s iCloud was a remarkable 42 percent.” reports the Dark Reading in a blog post.

The data presented demonstrates that government IT has to improve the management of internal services with a specific focus on shadow cloud services.

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2021

We are in our 9th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.