According to Gartner, Amazon Web Services is the overwhelming cloud market leader, with more than five times the compute capacity in use than the combined total of its 14 nearest competitors. Empowered by the ethic of BYOD, departmental-level employees began bringing Amazon into large businesses.
I have seen this before. When IBM had the monopoly of mainframe computers, a new startup called Digital Equipment Corp (DEC) started selling so-called mini-computers on a departmental level. These puppies ranged from $50K to many hundreds of thousands, were put into the enterprise often without approval/cooperation from the IT group, and employees created their own applications. Sounds familiar? Right.
Non-IT folk are not steeped in security best practices. They were not then, and aren't now. The result of this is IT infrastructure that was put together solely for the intended result, but were not built with security in mind. Happened then, and is happening right now with the cloud. Did you know it takes an average of about 4 hours to hack a cloud-based server that is put up there just with its default configuration?
IT departments have learned the hard way that IT security needs to be part and parcel of any new server that comes online. Departmental people don't, hackers will benefit and the organization will suffer sooner or later.
IT security needs to be a corporate culture, driven from the top down, starting at the Board of Directors and CEO level. If that is not the case, massive data breaches like Target will be in the news every month.