Service Provider Cloud

IT Departments: Losing Control, Still Getting Blamed

IT departments are losing control of IT infrastructure -- but still often get blamed when things go wrong, according to several recent studies.

More than half of corporate data stored in a cloud environment isn't managed or controlled by IT (53%), up from 47% in 2016 and 44% in 2015, according to a study by the Ponemon Institute LLC , commissioned by security vendor Gemalto .

Some 43% of respondents said they're not confident they know all the cloud services in their organizations, compared with 46% in 2016 and 55% in 2015.

Source: Ponemon Institute study commissioned by security vendor Gemalto.
Source: Ponemon Institute study commissioned by security vendor Gemalto.

You're invited to attend Light Reading's Big Communications Event  – the one event that delivers fresh perspective on the rapid transformation of the telecom industry and the road ahead. We'll see you May 14-16 in Austin – communications service providers get in free!

The research surveyed 3,285 IT and IT security pros in the US, UK, Australia, France, Japan, India and Brazil.

According to the study, some 79% of IT pros say cloud computing apps and platforms are very important or important to business operations today, and that's expected to rise to 87% in two years.

Who's responsible for protecting that data? That's unclear -- only 46% of respondents say their organizations have clearly defined roles and accountability for safeguarding confidential or sensitive information in the cloud.

Half of respondents believe that payment information (54%) and customer data (49%) are at risk in the cloud, according to a statement from Gemalto. And more than half of respondents think cloud computing increases compliance risk.

My colleague Scott Ferguson looked at the study from a security perspective here: GDPR, Cloud Changing Security Pros' Priorities – Report

There's more bad news. One third of employees surveyed by A10 Networks Inc. knowingly use applications their companies forbid (30%), according to a blog post from that company. More than half of those surveyed claim "everybody does it" (51%), while around a third (36%) say the IT department doesn't have the right to tell them what apps they can't use.

Why do the employees use forbidden apps? One third (33%) of respondents claim IT doesn't give them the apps they need to get the job done.

And yet, despite the lack of control, IT is frequently blamed for problems. Some 39% of respondents surveyed by security company Netwrix say their own IT staff get blamed for attacks, according to a statement from that vendor. Overall, 45% of organizations perceive their own employees to be the biggest security risk, even though the majority of attacks those companies experienced were external. Companies blame business users 33% of the time, and cloud providers 33%.

Related posts:

— Mitch Wagner Follow me on Twitter Visit my LinkedIn profile Visit my blog Follow me on Facebook Editor, Enterprise Cloud News

Page 1 / 2   >   >>
[email protected] 1/30/2018 | 12:22:08 PM
Re: Cloud all the things Sad but I have seen it too, at times it has been used as a way to try out something with little success and then blame it on the vendor only to garner more internal funds for a department. The political shell game can be brutal.
Joe Stanganelli 1/30/2018 | 10:17:05 AM
Re: Cloud all the sites @kq4ym: This is an issue that transcends IT. Many organizations -- and bosses -- try to get employees in various roles to do far more work than their role actually entails. Many organizations also have a lot of interdepartmental overlap -- leading to "dotted-line" and "diagonal-line" bosses, overlapping jurisdictions, and turf wars.
kq4ym 1/30/2018 | 9:43:43 AM
Re: Cloud all the sites Interesting how the security issues still remain while a bit of perhaps "confusion" reigns as "only 46% of respondents say their organizations have clearly defined roles and accountability," when using cloud services. It's going to be apparentlhy still take some more time to get all the folks on the same pages as the cloud grows more important day by day.
Joe Stanganelli 1/28/2018 | 10:38:06 PM
Re: Cloud all the sites @Michelle: Don't get me wrong; I'm all for basic human decency and respect (as, I would hope, we all are). At the same time, however, the IT department is a service organization (just like Legal, HR, and many others) -- and if it fails to deliver, it's the one that is ultimately responsible for those failures to users/relevant stakeholders -- not to mention to the business as a whole.

Put another way: It's 2018; if IT fails, the business fails.

Michelle 1/28/2018 | 4:37:27 PM
Re: Cloud all the sites Ahh, I see. I have seen IT departments shrug and say "not my faul", but I didn't have them in mind. Some folks are educated on how systems work and who is responsible and still treat IT poorly because they want an instant fix. 
Joe Stanganelli 1/27/2018 | 10:50:40 PM
Re: Cloud all the sites @Michelle: Agreed and in a way disagreed.

Agreed with your main points and the essence of your argument, but at the same time, it's IT's job to educate and evangelize as to what they do and the importance of what they do. Otherwise, if all they're going to do is shrug their shoulders and say "vendor issues", they kinda deserve all the outrage they get.
Joe Stanganelli 1/27/2018 | 10:49:00 PM
Re: Cloud all the things @maryam: It's popular. I know companies whose primary reason for hiring vendors to perform work they could do in-house is so that they have an easy scapegoat if something goes wrong.
Michelle 1/26/2018 | 8:32:27 PM
Re: Cloud all the sites I have heard blamers be dismissive over vendor-specific issues. They don't understand how the IT department is connected to the vendor and have no patience to wait on a fix. It's sad to see adults act this way.
[email protected] 1/26/2018 | 6:41:28 PM
Re: Cloud all the things Whenever there is an issue there is always a rush to blame someone in the organization. Whether the vendor is to blame or the actual functional group the fingers get pointed very quickly and there is very little done to address the actual root cause of the issue and how to prevent it in the future. Blame should result in action, not in one group being punished and another feeling triumphant.
Joe Stanganelli 1/26/2018 | 5:42:43 PM
CISO reporting Marketing's needs are becoming so particularized such that there is no agility or business sense in running everything through IT, and yet there's no uniform management of marketing's (and other department's) solutions.

It is often bandied about that the CISO should no longer report to the CIO but should instead report to another officer in the organization. Maybe the CIO and others need to be reporting to the CISO!


Page 1 / 2   >   >>
Sign In