The Dark Side Of Covert Clouds

By | June 14, 2013

Posted in: Network Security Trends

We know it happens all the time – employees want to get something done quickly, so they bypass the bureaucracy of their company’s IT department and with a couple of clicks go straight to the cloud. But by doing so, they greatly increase the risk of exposing the company’s network to malware.

A recent survey of IT professionals and office workers in Europe ( gave some indication of how widespread the practice of using the “covert cloud” is, and of how urgently companies need to adapt their security strategies.

VMware, which describes itself as “the global leader in virtualization and cloud infrastructure”, commissioned the research which polled 1,500 senior IT decision-makers and 3,000 employees across Europe.

“One of the most interesting trends that we noticed was that many businesses are actually embracing this trend as they know it’s fuelling innovation and boosting growth,” a VMware report said.

“In Europe, 37 percent of IT decision-makers think their staff have bought cloud services outside of the IT department, without getting the necessary permission,” the report said. “However, in firms where this has happened, nearly three-quarters of IT managers think that these ‘covert clouds’ can actually be beneficial to the business.”

The survey showed that many IT managers believed covert cloud spending could support business growth and innovation, and 38% said it allowed them to respond faster to client demands. “Tellingly, the research also highlights the fact that covert clouds are sometimes necessary to provide a solution that the ‘official’ IT department cannot – this was something over half of our respondents flagged,” VMware said.

But the report noted that covert clouds added another layer of complexity to an IT team’s struggle to manage security within a business.

“With these clouds hosted outside of corporate boundaries, 48 percent of IT managers in Europe expressed concern that off-radar cloud spend escalates security risks,” it said. “This can then lead to a conflict between departments who want IT flexibility, and IT teams needing to maintain control to ensure compliance with security policies... Covert clouds can present a serious threat to a business through data leakage and a lack of compliance with regulatory standards if they are not managed properly.”

VMware said IT teams needed to be more proactive to minimize the risk and the management burden.

“They have to find the right balance between providing IT flexibility and managing this in a way that is suitable for the broader business and its longer term success,” the report said.

“The solution used to provision cloud services is key to this, as the IT department has now reached a tipping point where it’s no longer an option to ignore the reality of off-radar cloud spend.  What IT managers need to take away from the covert cloud research is that by acting now, they can turn covert clouds into a competitive differentiator rather than a security, management and compliance threat to the business.”

You May Also Be Interested In: