IT Brief New Zealand - Technology news for CIOs & IT decision-makers
New Zealand
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
internet of things
#
work from home
Search
Story image
#
CASB
#
Cloud Services
#
Compliance
Shadow IT on the rise: Are you prepared?
Mon, 2nd Mar 2015
FYI, this story is more than a year old
Author image
By Catherine Knowles, Journalist
Follow us

CipherCloud's recent study 'Cloud Adoption and Risk' states 86% of cloud applications in a typical enterprise are unsanctioned by IT but most companies don't recognise the extent of the shadow IT problem.

David Berman, CipherCloud Cloud Discovery director, says there is an extensive and under-estimated footprint for shadow IT.

He says the rapid adoption of the cloud and the fact that the download model for cloud applications allows individual workers to bypass the IT department is leading to a rise in shadow IT.

“This has led to the dilution of traditional controls in the IT decision-making process and opened the gates for shadow IT to enterprise.

“Unvetted clouds are moving into the company as part of the enterprise's overall cloud journey,” Berman says.

This raises security concerns as each unsanctioned application is a vehicle for introducing security and compliance risks into the enterprise, says Berman.

“For instance, a phishing email tricks a user into revealing their credentials and then the attacker uses that login information to access the account and steal information.

“One of the most under-discussed regulatory risks is the lack of safe harbor certification,” he says.

According to Berman there are a number of ways to protect against these risks.

He says, “Develop a multi-faceted cloud governance and control framework by combining commercial best practices, regulatory obligations, and line-of-business requirements to form a sustainable cloud governance strategy.

“As part of this governance strategy, take a deep dive into your cloud user activities by department and business function, and understand the business needs for each cloud application.

“Balance these needs with your regulatory requirements to develop a practical and meaningful control framework.

Furthermore, he says establishing integrated technologies to protect and monitor cloud usage is only the first step, and enterprises need to ensure they have ongoing means to manage cloud access and exert continuous controls.

“In addition, your controls need to be granular enough to meaningfully limit your data exposure to the cloud without hindering cloud functionality.

“Most importantly, discovering, protecting, and consistently monitoring should be integrated functions rather than discrete capabilities that you have to manage separately,” Berman says.

It is important to protect against risks now as shadow IT has a strong footprint inside many enterprises and ‘will not fade' anytime soon.

“However, the right framework and tools can help companies mitigate against the risks,” Berman says.

Related stories
Global Processing boosts efficiency with New Relic AI platform
Illumio unveils AI enhancements for faster Zero Trust Segmentation adoption
GitLab unveils Duo Chat for simplified AI-powered DevSecOps workflows
SAS expands managed services portfolio to Amazon Web Services
Business leaders anxious over data security – report
Top stories
Intel reshuffles Asia Pacific leadership to boost business growth
Coalition integrates cyber risk platform with top cloud services providers
Sapia Labs presents 'revolutionary' AI research at SIOP conference
Armis warns of major cyber-attack risk to 2024 global elections
Scality & Ingram Micro partner for market distribution of ARTESCA