The private sector is often ahead of the government when it comes to best practices, but not always. Gartner predicts that half of all enterprises with more than 1,000 users will use a cloud security solution by 2018. The pace of adoption in the enterprise is swift, but even the Federal Government built a large scale program, known as FedRAMP, that streamlines the cloud vetting process for government agencies. Now the question for IT pros is: when will 99.8% of all the other businesses in the United States address cloud security?

Shifting priorities

After the 2008 recession, businesses were quick to cut costs and improve efficiency. Cloud apps have fulfilled serious business needs at a fraction of the cost of in-house comparable services, so adoption was swift. The moment necessitated decisive actions. Cloud apps were in and security was out, or at least less important. After all, security doesn’t matter much if a business fails.

The problem is that many SMBs still feel like 2008 was yesterday. After seven years, some of the baggage that was dropped remains on the curbside. Not every decision made during the recession was a good one. If SMBs had been wise, they would have learned that it’s better to plan and implement more sustainable business practices than to react after a crisis. Digital security and business sustainability should be picked back up, assessed and reprioritized. Instead, by ignoring cloud security, SMBs are just waiting to react to another inevitable emergency.

Big business and big government are all prepared. Why aren’t SMBs monitoring cloud use?

Ignoring the Problem by Choice

The problem is that many SMBs know they have a problem with Shadow IT, but most of them don’t want to delve into that Shadow IT problem. If SMBs really learned what lurked in the shadows, they would probably do something about it. But instead of taking that first step, Shadow IT remains unexamined, in part due to a lack of resources. IT departments are stretched thin as it is and businesses are spending more on technology today than ever. Spending more money and using more resources requires serious business justification.

Beyond business justifications, normal human emotions like procrastination and avoiding confrontation also play a role. Executives don’t want to crack a whip on security when everyone is getting along and highly productive. Unfortunately, none of the rationalizations for ignoring Shadow IT or not implementing controls does anything to cure the underlying problem. Shadow IT is a ticking time bomb for SMBs.

So, when will SMBs address Shadow IT?

The most likely answer is that SMBs will become comfortable dealing with Shadow IT when the solutions become easy to implement, more affordable and undetectable by users. Fortunately, there is Cloud Access Monitor which was built with SMBs’ goals in mind. ManagedMethods offers the only easy and affordable cloud security solution for SMBs who are ready to face their Shadow IT problem head on.

David Waugh

David Waugh

VP, Sales & Marketing

Share this entry