Story image

Shadow IT on the rise: Are you prepared?

02 Mar 2015

CipherCloud’s recent study 'Cloud Adoption and Risk' states 86% of cloud applications in a typical enterprise are unsanctioned by IT but most companies don’t recognise the extent of the shadow IT problem.

David Berman, CipherCloud Cloud Discovery director, says there is an extensive and under-estimated footprint for shadow IT.

He says the rapid adoption of the cloud and the fact that the download model for cloud applications allows individual workers to bypass the IT department is leading to a rise in shadow IT.

“This has led to the dilution of traditional controls in the IT decision-making process and opened the gates for shadow IT to enterprise.

“Unvetted clouds are moving into the company as part of the enterprise’s overall cloud journey,” Berman says.

This raises security concerns as each unsanctioned application is a vehicle for introducing security and compliance risks into the enterprise, says Berman.

“For instance, a phishing email tricks a user into revealing their credentials and then the attacker uses that login information to access the account and steal information.

“One of the most under-discussed regulatory risks is the lack of safe harbor certification,” he says.

According to Berman there are a number of ways to protect against these risks.

He says, “Develop a multi-faceted cloud governance and control framework by combining commercial best practices, regulatory obligations, and line-of-business requirements to form a sustainable cloud governance strategy.

“As part of this governance strategy, take a deep dive into your cloud user activities by department and business function, and understand the business needs for each cloud application.

“Balance these needs with your regulatory requirements to develop a practical and meaningful control framework.”

Furthermore, he says establishing integrated technologies to protect and monitor cloud usage is only the first step, and enterprises need to ensure they have ongoing means to manage cloud access and exert continuous controls.

“In addition, your controls need to be granular enough to meaningfully limit your data exposure to the cloud without hindering cloud functionality.

“Most importantly, discovering, protecting, and consistently monitoring should be integrated functions rather than discrete capabilities that you have to manage separately,” Berman says.

It is important to protect against risks now as shadow IT has a strong footprint inside many enterprises and ‘will not fade’ anytime soon.

“However, the right framework and tools can help companies mitigate against the risks,” Berman says.

Apple's AirPods now come with 'Hey Siri' functionality
The new AirPods come with a standard case or a Wireless Charging Case that holds additional charges for more than 24 hours of listening time.
NZ investment funds throw weight against social media giants
A consortium of NZ funds managing assets worth more than $90m are appealing against Facebook, Twitter, and Google following the Christchurch terror attacks.
Poly appoints new A/NZ managing director, Andy Hurt
“We’re excited to be bringing together two established pioneers in audio and video technology to be moving forward and one business – Poly."
Unity and NVIDIA announce real-time ray tracing across industries
For situations that demand maximum photorealism and the highest visual fidelity, ray tracing provides reflections and accurate dynamic computations for global lighting.
NVIDIA announces Jetson Nano: A US$99 tiny, yet mighty AI computer 
“Jetson Nano makes AI more accessible to everyone, and is supported by the same underlying architecture and software that powers the world's supercomputers.”
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
NVIDIA introduces a new breed of high-performance workstations
“Data science is one of the fastest growing fields of computer science and impacts every industry."
Apple says its new iMacs are "pretty freaking powerful"
The company has chosen the tagline “Pretty. Freaking powerful” as the tagline – and it’s not too hard to see why.