What you don’t know can hurt you. This slight twist on a commonly used cliché illustrates the difficulties that many organizations experience when trying to secure sensitive data in the cloud.

While there are various hurdles to protecting cloud data, shadow IT is a growing obstacle that often goes undetected because corporate employees are using cloud services that aren’t authorized by IT. Employee usage of popular cloud services, such as file sharing apps and collaboration tools, helps to increase workforce productivity. However, when these apps are not recognized by IT, they can compromise your cloud security through data loss, unauthorized access to data, increased exposure to malware infections and violation of compliance regulations.

A 2016 Gartner study estimated that by 2020, one-third of successful attacks experienced by enterprises will be on data located in shadow IT resources. While this statistic helps us comprehend the size and depth of this matter, the story is not complete without understanding employee usage of these cloud services. A 2013 survey by McAfee revealed that over 80 percent of corporate workers store company data in unsanctioned apps.

Today’s organizations must give employees easy access to resources to help them remain productive without compromising the security of critical data. As long as this burden exists, shadow IT will run rampant throughout the enterprise.

Shadow IT: You Can’t Protect What You Can’t See

As cloud adoption becomes more prevalent, many companies are forced to address how they will monitor and secure sensitive data moved to the cloud. The growing presence of shadow IT invites both security and compliance risks as organizations store or share their data within unknown cloud services.

Even sanctioned cloud services can expose sensitive data without the proper controls in place. This “shadow data” occurs when users upload, share or store information in the cloud. From employees uploading sensitive data into shadow IT apps without data loss prevention (DLP) controls to users sharing critical or regulated data with unauthorized individuals, companies cannot protect data that they don’t have the visibility to manage.

Managed CASBs Bridge the Shadow IT Visibility Gap

Managed cloud access security brokers (CASBs) help to remediate shadow IT through a combined solution that delivers both the expertise of a managed security services provider (MSSP) and the data protection capabilities of a CASB. A managed CASB acts as a gatekeeper that monitors and safeguards all data traveling between your cloud services and on-premises infrastructure.

The primary benefits of this solution include visibility into cloud applications, use of data security policies to protect sensitive assets, threat protection against malicious user activity and management of compliance regulations.

To secure cloud data and provide visibility into shadow IT, managed CASBs:

  • Identify all cloud services used within the organization.
  • Generate a complete risk assessment of each cloud service to determine which apps should be sanctioned.
  • Employ security policies to monitor usage and protect data within cloud services.

Security is not just a one-time event. As the value and volume of cloud-based critical data increase, so does the need for managed CASB solutions.

Managed Cloud Data Protection (MCDP) from IBM, a managed CASB solution, provides the industry-leading tools, technology, operational experience and expertise security teams need to discover and control shadow IT use. In partnering with CASB leaders McAfee and Symantec, MCDP enforces data security, compliance and governance policies across all cloud apps, users and devices to help organizations manage and adapt their security needs as the technology environment changes.
