What you don’t know can hurt you. This slight twist on a commonly used cliché illustrates the difficulties that many organizations experience when trying to secure sensitive data in the cloud.
While there are various hurdles to protecting cloud data, shadow IT is a growing obstacle that often goes undetected because corporate employees are using cloud services that aren’t authorized by IT. Employee usage of popular cloud services, such as file sharing apps and collaboration tools, help to increase workforce productivity. However, the other side of the coin reveals potential compromises in your cloud security, such as data loss, unauthorized access to data, increased exposure to malware infections and violation of compliance regulations when these apps are not recognized by IT.
A 2016 Gartner study estimated that by 2020, one-third of successful attacks experienced by enterprises will be on data located in shadow IT resources. While this statistic helps us comprehend the size and depth of this matter, the story is not complete without understanding employee usage of these cloud services. A 2013 survey by McAfee revealed that over 80 percent of corporate workers store company data in unsanctioned apps.
Today’s organizations must give employees’ easy access to resources to help them remain productive without compromising the security of critical data. As long as this burden exists, shadow IT will run rampant throughout the enterprise.
Shadow IT: You Can’t Protect What You Can’t See
As cloud adoption becomes more prevalent, many companies are forced to address how they will monitor and secure sensitive data moved to the cloud. The growing presence of shadow IT invites both security and compliance risks as organizations store or share their data within unknown cloud services.
Even sanctioned cloud services can expose sensitive data without the proper controls in place. This “shadow data” occurs when users upload, share or store information in the cloud. From employees uploading sensitive data into shadow IT apps without data loss prevention (DLP) controls to users sharing critical or regulated data with unauthorized individuals, companies cannot protect data that don’t have the visibility to manage.
Managed CASBs Bridge the Shadow IT Visibility Gap
Managed cloud access security brokers (CASBs) help to remediate shadow IT through a combined solution that delivers both the expertise of a managed security services provider (MSSP) and the data protection capabilities of a CASB. A managed CASB acts as a gatekeeper that monitors and safeguards all data traveling between your cloud services and on-premises infrastructure.
The primary benefits of this solution include visibility into cloud applications, use of data security policies to protect sensitive assets, threat protection of malicious user activity and management of compliance regulations.
To secure cloud data and provide visibility into shadow IT, managed CASBs:
- Identify all cloud services used within the organization.
- Generate a complete risk assessment of each cloud service to determine which apps should be sanctioned.
- Employ security policies to monitor usage and protect data within cloud services.
Security is not just a one-time event. As the value and volume of cloud-based critical data increases, so does the need for managed CASB solutions.
Managed Cloud Data Protection (MCDP) from IBM, a managed CASB solution, provides the industry-leading tools, technology, operational experience and expertise security teams need to discover and control shadow IT use. In partnering with CASB leaders McAfee and Symantec, MCDP enforces data security, compliance and governance policies across all cloud apps, users and devices to help organizations manage and adapt their security needs as the technology environment changes.