Shadow IT

Shadow IT To Remain A Focus For Both Cloud Vendors And CIOs

Shadow IT To Remain A Focus

Shadow IT, a phenomenon defined as building internal IT systems without the official organizational approval has been a growing concern for CIOs over the last few years. In 2015, it climbed to the top of the list of the emerging IT threats, with as much as 83% CIOs reporting they have experienced some form of unauthorized delivery of cloud services.

This trend has a lot to do with the increased use of mobile devices at workplace and unregulated data transfer through employees’ personal cloud applications, which makes organizations unable to control the flow of corporate data. Unsurprisingly, managing shadow IT implementations becomes a focus for both organizations and cloud vendors.

shadow-IT-tech

Among the major releases we’ve seen in 2015, IBM’s Cloud Security Enforcer gained significant attention by enterprise analysts and security experts as a solution that could greatly increase the safety of business apps. To enable organizations to effectively fight shadow IT, the platform provides the necessary features to monitor and analyze the use of cloud applications at workplace, and use this knowledge to minimize security threats. Apart from IBM, multiple other vendors compete in the market, aiming to redefine the ways enterprise works in the cloud.

New solutions for fighting shadow IT

Employees are more frequently turning to cloud applications to transfer corporate data and accesses company network remotely. This represents a major change for the IT infrastructure in modern businesses and makes the modern workplace more flexible. As a result, companies in the US and most other parts of the world increasingly hire remote workforce and introduce BYOD policies, all of which require new security systems to maintain maximum level of protection.

Comic Tech

To anticipate the demand for secure mobile workforce solutions, multiple cloud vendors have recently released platforms for managing data access and transfer. Apart from Cloud Security Enforcer, back in April, 2015 we also welcomed the launch of CipherCloud’s Cloud Discovery Enterprise Edition that aims to help large organizations enforce their security policies.

In a survey associated with the release, CipherCloud found that 86% of cloud applications used at workplace are unsanctioned, which is a figure that complements the one mentioned in the introduction. Obviously, the security vendors have a lucrative market to serve with their shadow IT solutions. However, even with the advanced security systems, organizations themselves still carry a great deal of responsibility over the ways this issue will be managed.

Addressing the issue directly

Given its scope, shadow IT can be highly difficult to control, due to the diversity of platforms and services potentially involved in creating a whole new infrastructure. The greatest problem, of course, is the fact that employees use the same services for both personal and business files. Yet, some analysts suggested that shadow IT should be embraced as a natural stage of the IT evolution. Furthermore, Gartner analysts had a similar view at the Gartner Symposium/ITExpo 2015. Namely, the general recommendation is to fight the problem by facing it directly, i.e. determining the true scope of shadow IT in the organization first. Speaking at the event, Gartner analyst Hank Marquis said:

Shadow IT for the right reasons, in the right areas, can create value,” adding that organizations have an untapped pool of resources that could be used. “The dark side is you’ll be responsible for the bad decisions all those shadow IT people make.”

workplace-byod

Marquis’ comments imply that the problem is tamable, although not that easily. Organizations first need to find out the ways to identify the number and type of apps used at workplace, as well as educate their employees on the best practices for using them. Currently, some popular apps such as Dropbox and Facebook are most frequently banned at workplace, but the organizations can always suggest more secure alternatives. In the file sharing space, these could be client-side encrypted services such as pCloud and SpiderOak, which provide a higher level of privacy for both personal and corporate documents. This way, the organizations can minimize the long-term risks associated with unregulated and reckless use of communication, file-sharing and storage applications.

After all, employees are still seen as the weakest link in corporate security. Therefore, they need to be educated on the best practices for keeping their accounts safe and on the great risk associated with file sharing. Finally, the organizations need to find the proper balance between adopting new solutions and ensuring the employees always have the necessary resources at their disposal. Only this way, organizations can take advantage of shadow IT, instead of trying to eliminate it completely.

Conclusions

The changing landscape of corporate communications is increasingly associated with the mass adoption of mobile devices that introduce a new level of business flexibility. At the same time, however, the mobile revolution increased organizations’ exposure to cyber risks through Shadow IT and this is precisely the problem today’s leading cloud vendors aim to solve. The latest solutions developed for the purpose promise another era in mobile-enabled businesses, thus representing an interesting new IT focus.

By Sarah Green

CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information, resources and thought leadership services.

Contact us for a list of our leading programs.

CONTRIBUTORS

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

DDoS Attacks October 21st, 2016 went into the annals of Internet history for the large scale Distributed Denial of Service (DDoS) ...
5 Ways To Ensure Your Cloud Solution Is Always Operational

5 Ways To Ensure Your Cloud Solution Is Always Operational

Ensure Your Cloud Is Always Operational We have become so accustomed to being online that we take for granted the ...
The Cloudification of Healthcare: Benefits and Risks

The Cloudification of Healthcare: Benefits and Risks

Cloud Healthcare: Benefits and Risks Many organizations are moving most of their business-critical applications and workloads to the cloud. The ...
PODCAST - EPISODE 2: Trains, Security and AI

PODCAST – EPISODE 2: Trains, Security and AI

CloudTweaks Podcast The power of Twitter, the importance of teaming up with a cloud security specialist, how trains are using ...
API security

3 Steps to Better Security in the API Economy

API Security Whenever you’re working online with the Internet, security is also a top concern. Any mistakes or lapse of ...
The Future For Cyber Security Looks Uncertain

The Future For Cyber Security Looks Uncertain

Future For Cyber Security From the inception of the internet, cyber security has become increasingly more important. As the internet ...
Combatting Malware in the Cloud Requires a New Way of Thinking

Combatting Malware in the Cloud Requires a New Way of Thinking

Malware in the Cloud It’s no secret that cloud adoption has exploded in the enterprise over last few years. However, ...
The ID Federation: What Technology Can Displace The Password?

The ID Federation: What Technology Can Displace The Password?

The Future Password Many people shout that the password is dead or should be killed dead. The password could be ...
GDPR Compliance: A Network Perspective

GDPR Compliance: A Network Perspective

GDPR Compliance Regulations can be a tricky thing. For the most part, they’re well thought out in terms of mandating ...
Part 2 - Identity Assurance by Our Own Volition and Memory

Part 2 – Identity Assurance by Our Own Volition and Memory

Identity Assurance by Our Own Volition and Memory We believe that the reliable identity assurance (See part 1) must be ...