Four Puzzling Issues of Identity Authentication - Part 2

Four Puzzling Issues of Identity Authentication – Part 2

Caveats about ‘Password’ Continued from Part 1... Sometimes the word ‘Password’ is narrowly interpreted as ‘remembered text password’ and sometimes it’s taken broadly as ‘whatever we remember for authentication’. We are of the view that it would be desirable to define ‘Password’ broadly enough. As
The Cloud Reveals a Future of Work That May Be Scary to Some

The Cloud Reveals a Future of Work That May Be Scary to Some

The Future of Work May Be Scary to Some Anyone paying attention to the world of work over the past 10 years or so has noticed the profound changes. Whether client-facing or internal, the cloud and its attendant technologies — such as AI — are
Shadow IT

Shadow IT To Remain A Focus For Both Cloud Vendors And CIOs

Shadow IT Trends

Shadow IT, a phenomenon defined as building internal IT systems without the official organizational approval has been a growing concern for CIOs over the last few years. In 2015, it climbed to the top of the list of the emerging IT threats, with as much as 83% CIOs reporting they have experienced some form of unauthorized delivery of cloud services.

This trend has a lot to do with the increased use of mobile devices at workplace and unregulated data transfer through employees’ personal cloud applications, which makes organizations unable to control the flow of corporate data. Unsurprisingly, managing shadow IT implementations becomes a focus for both organizations and cloud vendors.

Shadow IT Trends

Among the major releases we’ve seen in 2015, IBM’s Cloud Security Enforcer gained significant attention by enterprise analysts and security experts as a solution that could greatly increase the safety of business apps. To enable organizations to effectively fight shadow IT, the platform provides the necessary features to monitor and analyze the use of cloud applications at workplace, and use this knowledge to minimize security threats. Apart from IBM, multiple other vendors compete in the market, aiming to redefine the ways enterprise works in the cloud.

New solutions for fighting shadow IT

Employees are more frequently turning to cloud applications to transfer corporate data and accesses company network remotely. This represents a major change for the IT infrastructure in modern businesses and makes the modern workplace more flexible. As a result, companies in the US and most other parts of the world increasingly hire remote workforce and introduce BYOD policies, all of which require new security systems to maintain maximum level of protection.

 

To anticipate the demand for secure mobile workforce solutions, multiple cloud vendors have recently released platforms for managing data access and transfer. Apart from Cloud Security Enforcer, back in April, 2015 we also welcomed the launch of CipherCloud’s Cloud Discovery Enterprise Edition that aims to help large organizations enforce their security policies.

In a survey associated with the release, CipherCloud found that 86% of cloud applications used at workplace are unsanctioned, which is a figure that complements the one mentioned in the introduction. Obviously, the security vendors have a lucrative market to serve with their shadow IT solutions. However, even with the advanced security systems, organizations themselves still carry a great deal of responsibility over the ways this issue will be managed.

Addressing the issue directly

Given its scope, shadow IT can be highly difficult to control, due to the diversity of platforms and services potentially involved in creating a whole new infrastructure. The greatest problem, of course, is the fact that employees use the same services for both personal and business files. Yet, some analysts suggested that shadow IT should be embraced as a natural stage of the IT evolution. Furthermore, Gartner analysts had a similar view at the Gartner Symposium/ITExpo 2015. Namely, the general recommendation is to fight the problem by facing it directly, i.e. determining the true scope of shadow IT in the organization first. Speaking at the event, Gartner analyst Hank Marquis said:

Shadow IT for the right reasons, in the right areas, can create value,” adding that organizations have an untapped pool of resources that could be used. “The dark side is you’ll be responsible for the bad decisions all those shadow IT people make.”

 

Marquis’ comments imply that the problem is tamable, although not that easily. Organizations first need to find out the ways to identify the number and type of apps used at workplace, as well as educate their employees on the best practices for using them. Currently, some popular apps such as Dropbox and Facebook are most frequently banned at workplace, but the organizations can always suggest more secure alternatives. In the file sharing space, these could be client-side encrypted services such as pCloud and SpiderOak, which provide a higher level of privacy for both personal and corporate documents. This way, the organizations can minimize the long-term risks associated with unregulated and reckless use of communication, file-sharing and storage applications.

After all, employees are still seen as the weakest link in corporate security. Therefore, they need to be educated on the best practices for keeping their accounts safe and on the great risk associated with file sharing. Finally, the organizations need to find the proper balance between adopting new solutions and ensuring the employees always have the necessary resources at their disposal. Only this way, organizations can take advantage of shadow IT, instead of trying to eliminate it completely.

Conclusions

The changing landscape of corporate communications is increasingly associated with the mass adoption of mobile devices that introduce a new level of business flexibility. At the same time, however, the mobile revolution increased organizations’ exposure to cyber risks through Shadow IT and this is precisely the problem today’s leading cloud vendors aim to solve. The latest solutions developed for the purpose promise another era in mobile-enabled businesses, thus representing an interesting new IT focus.

By Sarah Green

CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information, resources and thought leadership services.

Contact us for a list of our leading brand and thought leadership exposure programs.

TOP ARCHIVES

Leading Multicloud Strategies

What’s Ahead for Cloud in 2019

The Cloud In 2019 2018 was an incredible time for cloud. Its impact on customer experiences, business processes and models, ...
Part 2 - Identity Assurance by Our Own Volition and Memory

Part 2 – Identity Assurance by Our Own Volition and Memory

Identity Assurance We believe that the reliable identity assurance (See part 1) must be built on three prerequisite principles as ...
Data Visualization 101: How, What, Why?

Data Visualization 101: How, What, Why?

Data Visualization 101 “A picture is worth a thousand words.” This old, English idiom could not ring more true than ...
SD Wan Speeds

Debunking some common SD WAN myths

Common SD WAN Myths There are few buzzwords in the networking world as current as ‘SD WAN’ – and depending ...
Built to Last: Choosing the Right Infrastructure Partner for Your Game

Built to Last: Choosing the Right Infrastructure Partner for Your Game

Choosing the Right Infrastructure Partner There are millions of gamers around the globe, and according to gaming market research firm ...