Eighty per cent of employees are potentially putting their companies at risk through use of unauthorised Software-as-a-Service (SaaS) applications on corporate networks.
The extent of so-called "shadow IT" is revealed in a study for McAfee by Frost & Sullivan's Stratecast division, which surveyed IT decision-makers across the globe.
Defined in the report as "applications used by employees for business that have not been approved by the IT department or obtained according to IT policies", shadow IT is rarely installed with malicious intent, but rather because staff believe it to be a more efficient means of doing their jobs.
Productivity applications such as Microsoft Office 365 and Google Apps are regularly installed, while storage applications including Dropbox and Apple iCloud are often adopted as a simple means of transferring or backing up data.
However, employees need to be mindful of unauthorised tools' potential to compromise data security, compliance and availability, said Lynda Stadtmueller, programme director of the Cloud Computing analysis service at Stratecast.
"Without appropriate knowledge, non-technical employees may choose SaaS providers or configurations that do not measure up to corporate standards for data protection and encryption," she continued.
"They may not realise that their use of such applications may violate regulations concerning handling and storage of private customer data, leaving the company liable for breaches." Stadtmueller added.
Pat Calhoun, general manager of network security at McAfee, believes the sheer number of employees who admit to using non-approved applications means IT departments should do more to monitor what staff are installing on corporate networks.
"With over 80 per cent of employees admitting to using non-approved SaaS in their jobs, businesses clearly need to protect themselves while still enabling access to applications that help employees be more productive," he said.
"The best approach is to deploy solutions that transparently monitor SaaS applications (and other forms of web traffic) and uniformly apply enterprise policies, without restricting employees' ability to do their jobs better," he continued.
"These not only enable secure access to SaaS applications, but can also encrypt sensitive information, prevent data loss, protect against malware, and enable IT to enforce acceptable usage policies," Calhoun concluded.
However, IT departments may not nessessarily need to fight against the proliferation and may in fact be better off helping staff manage shadow IT applications. The fact is employees are taking advantage of such tools because they find them more efficient or easier to use and could therefore be boosting corporate output.
"Office workers note they are often circumventing the IT department to buy cloud services to work more effectively for the good of the company," said Joe Baguley, CTO at VMware.
"The IT department has reached a tipping point where it's no longer an option to ignore the reality of off-radar cloud spend. IT decision-makers need to embrace it, providing the flexibility that staff require, while managing it in a way that is suitable and secure for the business."
The McAfee-Stratecast survey questioned more than 600 IT and line of business decision-makers or influencers in North America, the UK, Australia and New Zealand.
By eliminating high entry costs for big data analysis, you can convert more raw data into valuable business insight.
A discussion of the "risk perception gap", its implications and how it can be closed