Enterprises are running one-third of their mission-critical applications in the cloud today and expect to have half of all critical applications running in the cloud by 2015.

According to research by SailPoint of 400 business leaders, only a third (34 per cent) bring IT staff into the vendor selection and planning process when a cloud application is procured without using IT's budget. Yet, 70 per cent believe that IT is ultimately responsible for managing user access to cloud applications while 14 per cent of respondents admit that they have no way of knowing if sensitive data is stored in the cloud at all.

Jackie Gilbert, vice president and general manager of SailPoint's cloud business unit, said: “As organisations adopt cloud applications, they are very likely to increase their risk exposure by putting sensitive data in the cloud without adequate controls or security processes in place. Many companies lack visibility not only to what data is in the cloud, but also to who can access that data.”

The survey also found that less than a third of companies are fully locked down when it comes to application usage at work, with business users are much more comfortable using consumer or 'non-approved' applications for work activities which take place outside the purview of IT.

Kevin Cunningham, president of SailPoint, said: “This is due in part to the ever changing IT landscape that make existing identity management issues even larger. The consumerisation of IT has put enterprises in a difficult position: they want to provide business users the convenience and flexibility promised by cloud and mobile devices, but they must also make sure controls are in place to monitor and manage who has access to what.

“Regardless of where customers are with their identity access management strategy, they need to proactively consider how to govern these new technologies and behaviours within their corporate policies.”