Shadow IT on the rise: Are you prepared?

02 Mar 15

CipherCloud’s recent study 'Cloud Adoption and Risk' states that 86% of cloud applications in a typical enterprise are unsanctioned by IT, but most companies don’t recognise the extent of the shadow IT problem.

David Berman, CipherCloud Cloud Discovery director, says there is an extensive and under-estimated footprint for shadow IT.

He says the rapid adoption of the cloud and the fact that the download model for cloud applications allows individual workers to bypass the IT department is leading to a rise in shadow IT.

“This has led to the dilution of traditional controls in the IT decision-making process and opened the gates for shadow IT to enterprise.

“Unvetted clouds are moving into the company as part of the enterprise’s overall cloud journey,” Berman says.

This raises security concerns as each unsanctioned application is a vehicle for introducing security and compliance risks into the enterprise, says Berman.

“For instance, a phishing email tricks a user into revealing their credentials and then the attacker uses that login information to access the account and steal information.

“One of the most under-discussed regulatory risks is the lack of safe harbor certification,” he says.

According to Berman there are a number of ways to protect against these risks.

He says, “Develop a multi-faceted cloud governance and control framework by combining commercial best practices, regulatory obligations, and line-of-business requirements to form a sustainable cloud governance strategy.

“As part of this governance strategy, take a deep dive into your cloud user activities by department and business function, and understand the business needs for each cloud application.

“Balance these needs with your regulatory requirements to develop a practical and meaningful control framework.”

Furthermore, he says establishing integrated technologies to protect and monitor cloud usage is only the first step, and enterprises need to ensure they have ongoing means to manage cloud access and exert continuous controls.

“In addition, your controls need to be granular enough to meaningfully limit your data exposure to the cloud without hindering cloud functionality.

“Most importantly, discovering, protecting, and consistently monitoring should be integrated functions rather than discrete capabilities that you have to manage separately,” Berman says.

It is important to protect against risks now as shadow IT has a strong footprint inside many enterprises and ‘will not fade’ anytime soon.

“However, the right framework and tools can help companies mitigate against the risks,” Berman says.
