CIOs worried cloud computing and shadow IT creating security risks

Shadow IT and loss of control over IT management causing concerns for CIOs, warns Fruition Partners report

The vast majority of CIOs are worried that cloud computing is reducing their organisation's control over IT and creating long-term security risks.

That's according to an independent survey of UK CIOs from enterprises with over 1,000 employees by market researchers at Vanson Bourne on behalf of Fruition Partners. The research found that 84 per cent of CIOs are worried that cloud is causing them to lose control over IT.

Nonetheless, many CIOs see the benefits of using cloud computing and are in the process of migrating more and more of their services into the cloud.

The survey also reveals that 89 per cent of CIOs don't apply the same IT service management (ITSM) processes to services running in the public cloud as they do for IT services that have been built in-house.

A lack of maturity surrounding cloud computing has also led to unsanctioned use of shadow IT services within organisations, something that 89 per cent of CIOs surveyed feel presents a long-term security risk for the business.

Indeed, 60 per cent of CIOs surveyed said there was an increasing culture of "shadow IT" in their organisations and 79 per cent believe that there are cloud applications in use that IT does now know about, creating security challenges for the IT department.

"CIOs need to remember that while the availability of public cloud services may mean they need to provide fewer IT services themselves, it doesn't reduce the need for the management of those services," said Paul Cash, MD, Fruition Partners UK, who argued "the need for rigorous management actually increases".

"Of course, you should expect public cloud services to work faultlessly, however you'd be crazy to blindly trust that they will, without managing and monitoring how those services are delivered to the business," he continued.

When it comes to managing cloud services, "IT departments should still be managing them internally rather than handing over all responsibility to cloud providers", said Cash.

"By failing to apply the established ITSM principles to cloud that they use to manage in-house IT services, CIOs are losing control of IT and increasing the risks and costs to the business," he added.

According to the survey, in-house IT services are managed by a combination of six established ITSM processes. In comparison, public cloud-based services are on average subject to only three ITSM processes.

It's a stat that Fruition Partners suggests demonstrates "a 50 per cent reduction in the maturity of IT service management".

Speaking earlier this year, Christopher Millard, professor of privacy and information law at Queen Mary University, London, warned that the growth of cloud computing raises "unsettling" questions over online privacy and security.