The security risk that I am most focused on right now is this: Shadow IT and the consumerization of IT have put too many employee work activities out of sight of the security department.
Employees at my company now use more than 90 cloud-based apps that I know of. Most of these are categorized as software as a service (SaaS). Many are corporate-sanctioned, meaning the business unit or IT went through a selection process to identify and procure an application, and my department was at least consulted. This list includes applications such as ADP for payroll, Salesforce, Workday, Oracle, WebEx, Google Docs, Microsoft Office 365 and SAP.