Light Dark
March 30, 2017 By Mike Spradbery 2 min read
Cloud Security

Shadow IT is still a challenge for organizations. With the constant introduction of new productivity and communication tools, as well as the adoption and evolution of existing services, users are more inclined to collaborate outside of IT-sanctioned applications. It is often easier to share information using one of the apps already integrated on our phones than it is to upload it to a corporate system. But this can be risky.

Scared of Your Own Shadow?

Using a public cloud service to share what may seem like a mundane photo of a whiteboard covered in sticky notes, for example, could result in a company’s next wave of innovative ideas being stored in an insecure manner. Add to this risk the challenges of compliance and auditing, and shadow IT can become a big problem.

But unsanctioned cloud apps do enable users to be more efficient, which presents two problems. First, attempting to block access to unsanctioned services is a poor a long-term solution because people will find ways around whatever barriers you put in place. Secondly, we want our users to be efficient, and that may mean leveraging some of these cloud apps.

Building a Successful Shadow IT Strategy

It is important for IT leaders to be realistic about shadow IT, which includes everything from cloud services to bring-your-own-apps for mobile devices. It’s impossible to completely control what users are doing, but a successful strategy should include these three critical steps:

  1. Educate users on how to handle corporate data. Make sure they understand the risks of using public shared services and their responsibility to ensure that confidential, valuable or personally identifiable information (PII) is stored properly.
  2. Provide users with the tools they need. By offering a range of high-quality, approved apps, you decrease the need for users to look elsewhere.
  3. Monitor what’s going on in your organization. You need to have visibility into what services are being used, by whom, how often, for what sorts of data and how much it costs. Control access to insecure services and learn what users really need by looking at demand.

As users become increasingly tech-savvy, shadow IT will continue to exist. The potential risks can be managed with good education, alternative tooling and careful monitoring.

Learn more about IBM Cloud App Analytics

 |  |  |  |  |  | 
Mike Spradbery
Security Technical Manager, IBM

More from Cloud Security
April 9, 2024

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

April 4, 2024

Cloud security uncertainty: Do you know where your data is?

3 min read - How well are security leaders sleeping at night? According to a recent Gigamon report, it appears that many cyber professionals are restless and worried.In the report, 50% of IT and security leaders surveyed lack confidence in knowing where their most sensitive data is stored and how it’s secured. Meanwhile, another 56% of respondents say undiscovered blind spots being exploited is the leading concern making them restless.The report reveals the ongoing need for improved cloud and hybrid cloud security. Solutions to…

March 14, 2024

Cloud security evolution: Years of progress and challenges

7 min read - Over a decade since its advent, cloud computing continues to enable organizational agility through scalability, efficiency and resilience. As clients shift from early experiments to strategic workloads, persistent security gaps demand urgent attention even as providers expand infrastructure safeguards.The prevalence of cloud-native services has grown exponentially over the past decade, with cloud providers consistently introducing a multitude of new services at an impressive pace. Now, the contemporary cloud environment is not only larger but also more diverse. Unfortunately, that size…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature