Shadow IT, a phenomenon defined as building internal IT systems without the official organizational approval has been a growing concern for CIOs over the last few years. In 2015, it climbed to the top of the list of the emerging IT threats, with as much as 83% CIOs reporting they have experienced some form of unauthorized delivery of cloud services.
This trend has a lot to do with the increased use of mobile devices at workplace and unregulated data transfer through employees’ personal cloud applications, which makes organizations unable to control the flow of corporate data. Unsurprisingly, managing shadow IT implementations becomes a focus for both organizations and cloud vendors.
Among the major releases we’ve seen in 2015, IBM’s Cloud Security Enforcer gained significant attention by enterprise analysts and security experts as a solution that could greatly increase the safety of business apps. To enable organizations to effectively fight shadow IT, the platform provides the necessary features to monitor and analyze the use of cloud applications at Workplace, and use this knowledge to minimize security threats. Apart from IBM, multiple other vendors compete in the market, aiming to redefine the ways enterprise works in the cloud.
Employees are more frequently turning to cloud applications to transfer corporate data and accesses company network remotely. This represents a major change for the IT infrastructure in modern businesses and makes the modern workplace more flexible. As a result, companies in the US and most other parts of the world increasingly hire remote workforce and introduce BYOD policies, all of which require new security systems to maintain maximum level of protection.
To anticipate the demand for secure mobile workforce solutions, multiple cloud vendors have recently released platforms for managing data access and transfer. Apart from Cloud Security Enforcer, back in April, 2015 we also welcomed the launch of CipherCloud’s Cloud Discovery Enterprise Edition that aims to help large organizations enforce their security policies.
In a survey associated with the release, CipherCloud found that 86% of cloud applications used at workplace are unsanctioned, which is a figure that complements the one mentioned in the introduction. Obviously, the security vendors have a lucrative market to serve with their shadow IT solutions. However, even with the advanced security systems, organizations themselves still carry a great deal of responsibility over the ways this issue will be managed.
Given its scope, shadow IT can be highly difficult to control, due to the diversity of platforms and services potentially involved in creating a whole new infrastructure. The greatest problem, of course, is the fact that employees use the same services for both personal and business files. Yet, some analysts suggested that shadow IT should be embraced as a natural stage of the IT evolution. Furthermore, Gartner analysts had a similar view at the Gartner Symposium/ITExpo 2015. Namely, the general recommendation is to fight the problem by facing it directly, i.e. determining the true scope of shadow IT in the organization first. Speaking at the event, Gartner analyst Hank Marquis said:
“Shadow IT for the right reasons, in the right areas, can create value,” adding that organizations have an untapped pool of resources that could be used. “The dark side is you’ll be responsible for the bad decisions all those shadow IT people make.”
Marquis’ comments imply that the problem is tamable, although not that easily. Organizations first need to find out the ways to identify the number and type of apps used at workplace, as well as educate their employees on the best practices for using them. Currently, some popular apps such as Dropbox and Facebook are most frequently banned at workplace, but the organizations can always suggest more secure alternatives. In the file sharing space, these could be client-side encrypted services such as pCloud and SpiderOak, which provide a higher level of privacy for both personal and corporate documents. This way, the organizations can minimize the long-term risks associated with unregulated and reckless use of communication, file-sharing and storage applications.
After all, employees are still seen as the weakest link in corporate security. Therefore, they need to be educated on the best practices for keeping their accounts safe and on the great risk associated with file sharing. Finally, the organizations need to find the proper balance between adopting new solutions and ensuring the employees always have the necessary resources at their disposal. Only this way, organizations can take advantage of shadow IT, instead of trying to eliminate it completely.
The changing landscape of corporate communications is increasingly associated with the mass adoption of mobile devices that introduce a new level of business flexibility. At the same time, however, the mobile revolution increased organizations’ exposure to cyber risks through Shadow IT and this is precisely the problem today’s leading cloud vendors aim to solve. The latest solutions developed for the purpose promise another era in mobile-enabled businesses, thus representing an interesting new IT focus.
By Sarah Green