Cloud-based Shadow IT Threatens Financial Services

While we tend to think of financial services companies as having locked down security, the reality is that their employees are no different from others: They want to use cloud services to get work done—and they’re not always secure about it.

The Q3 Cloud Adoption and Risk for financial services report from Skyhigh reveals a startling gap between perception and reality: The average financial services organization uses 1,004 cloud services—over 15 times more than what IT estimates.

While they take special care in assessing the compliance controls of cloud services, employees can introduce cloud services into the workplace, creating shadow IT, which are services not known by the IT department.

Broken down further, the average finance employee uses 31 distinct cloud services, including eight collaboration services, five file sharing services, three social media services and three content sharing services.

“Financial services organizations are embracing the cloud to reduce IT cost, while increasing employee efficiency and productivity,” Skyhigh said. “Although technology is changing the way financial services organizations operate, the sensitivity of their customers’ financial data has not changed. Trust is also important to their business, and it can evaporate when customer data is compromised in a breach.”

The good news is that just 24% of financial services companies surveyed reported an insider threat incident in the last year. But 88% of financial services companies had behavior indicative of an insider threat in the last quarter alone.

Also, a full 94.3% of financial services companies have exposure to compromised credentials. This number is higher than the overall average of 91.7% across all industries, and 15.5% of finance employees have at least one compromised credential, compared with just 11.2% across all industries.

What’s Hot on Infosecurity Magazine?