Story image

Shadow IT on the rise: Are you prepared?

02 Mar 15

CipherCloud’s recent study 'Cloud Adoption and Risk' states 86% of cloud applications in a typical enterprise are unsanctioned by IT but most companies don’t recognise the extent of the shadow IT problem.

David Berman, CipherCloud Cloud Discovery director, says there is an extensive and under-estimated footprint for shadow IT.

He says the rapid adoption of the cloud and the fact that the download model for cloud applications allows individual workers to bypass the IT department is leading to a rise in shadow IT.

“This has led to the dilution of traditional controls in the IT decision-making process and opened the gates for shadow IT to enterprise.

“Unvetted clouds are moving into the company as part of the enterprise’s overall cloud journey,” Berman says.

This raises security concerns as each unsanctioned application is a vehicle for introducing security and compliance risks into the enterprise, says Berman.

“For instance, a phishing email tricks a user into revealing their credentials and then the attacker uses that login information to access the account and steal information.

“One of the most under-discussed regulatory risks is the lack of safe harbor certification,” he says.

According to Berman there are a number of ways to protect against these risks.

He says, “Develop a multi-faceted cloud governance and control framework by combining commercial best practices, regulatory obligations, and line-of-business requirements to form a sustainable cloud governance strategy.

“As part of this governance strategy, take a deep dive into your cloud user activities by department and business function, and understand the business needs for each cloud application.

“Balance these needs with your regulatory requirements to develop a practical and meaningful control framework.”

Furthermore, he says establishing integrated technologies to protect and monitor cloud usage is only the first step, and enterprises need to ensure they have ongoing means to manage cloud access and exert continuous controls.

“In addition, your controls need to be granular enough to meaningfully limit your data exposure to the cloud without hindering cloud functionality.

“Most importantly, discovering, protecting, and consistently monitoring should be integrated functions rather than discrete capabilities that you have to manage separately,” Berman says.

It is important to protect against risks now as shadow IT has a strong footprint inside many enterprises and ‘will not fade’ anytime soon.

“However, the right framework and tools can help companies mitigate against the risks,” Berman says.

Soul Machines' virtual humans go mainstream
An Auckland AI firm renowned for its work creating ‘digital humans’ is now unleashing its creativity to the wider market.
Hands-on review: The Logitech R500 laser presentation remote
With a clever ergonomic design, you’ll never have to glance at the device, unless you deliberately look to use the built-in laser pointer to emphasise your presentation.
GCSB welcomes Inspector-General's report on intelligence warrants
Intelligence warrants can include surveillance, private communications interception, searches of physical places and things, and the seizure of communications, information and things.
Lightning Lab accelerator delves into tourism
“It’s great to see the tourism sector taking a proactive and collaborative approach to innovation."
Apax Partners wins bidding war for Trade Me buyout
“We’re confident Trade Me would have a successful standalone future," says Trade Me chairman David Kirk
Verifi takes spot in Deloitte Asia Pacific Fast 500
"An increasing amount of companies captured by New Zealand’s Anti-Money laundering legislation are realising that an electronic identity verification solution can streamline their customer onboarding."
Homegrown stress relief app to be launched next year
Researchers at the University of Auckland and an Auckland-based creative agency are working together to create a ‘world first’ app that they believe will help with stress relief.
How blockchain will impact NZ’s economy
Distributed ledgers and blockchain are anticipated to provide a positive uplift to New Zealand’s economy.