What is the GREATEST concern when a department uses a cloud application without consulting IT?

When a department uses a cloud application independently of the IT department, the greatest concern typically revolves around the application of organization-defined security policies. The ability of IT to enforce security measures is crucial for protecting sensitive data and ensuring compliance with regulatory requirements.

If the cloud application is implemented without IT's involvement, there’s a significant risk that the necessary security controls, protocols, and policies designed to safeguard information will not be applied. This disconnect can lead to data breaches, improper handling of data, and overall vulnerabilities that the organization may not be aware of. It also poses challenges in managing access controls, monitoring for security incidents, and responding to threats effectively, which are core responsibilities of IT governance.

In this context, the absence of IT oversight could result in a cloud service that does not align with the organization’s security framework, putting both the data and the broader organization at risk. By leveraging the expertise of the IT department in evaluating and implementing cloud services, organizations can ensure that security practices are uniformly applied and risks are minimized.