What you don’t know can hurt you. This slight twist on a commonly used cliché illustrates the difficulties that many organizations experience when trying to secure sensitive data in the cloud.

While there are various hurdles to protecting cloud data, shadow IT is a growing obstacle that often goes undetected because corporate employees are using cloud services that aren’t authorized by IT. Employee usage of popular cloud services, such as file sharing apps and collaboration tools, help to increase workforce productivity. However, the other side of the coin reveals potential compromises in your cloud security, such as data loss, unauthorized access to data, increased exposure to malware infections and violation of compliance regulations when these apps are not recognized by IT.

A 2016 Gartner study estimated that by 2020, one-third of successful attacks experienced by enterprises will be on data located in shadow IT resources. While this statistic helps us comprehend the size and depth of this matter, the story is not complete without understanding employee usage of these cloud services. A 2013 survey by McAfee revealed that over 80 percent of corporate workers store company data in unsanctioned apps.

Today’s organizations must give employees’ easy access to resources to help them remain productive without compromising the security of critical data. As long as this burden exists, shadow IT will run rampant throughout the enterprise.

Shadow IT: You Can’t Protect What You Can’t See

As cloud adoption becomes more prevalent, many companies are forced to address how they will monitor and secure sensitive data moved to the cloud. The growing presence of shadow IT invites both security and compliance risks as organizations store or share their data within unknown cloud services.

Even sanctioned cloud services can expose sensitive data without the proper controls in place. This “shadow data” occurs when users upload, share or store information in the cloud. From employees uploading sensitive data into shadow IT apps without data loss prevention (DLP) controls to users sharing critical or regulated data with unauthorized individuals, companies cannot protect data that don’t have the visibility to manage.

Managed CASBs Bridge the Shadow IT Visibility Gap

Managed cloud access security brokers (CASBs) help to remediate shadow IT through a combined solution that delivers both the expertise of a managed security services provider (MSSP) and the data protection capabilities of a CASB. A managed CASB acts as a gatekeeper that monitors and safeguards all data traveling between your cloud services and on-premises infrastructure.

The primary benefits of this solution include visibility into cloud applications, use of data security policies to protect sensitive assets, threat protection of malicious user activity and management of compliance regulations.

To secure cloud data and provide visibility into shadow IT, managed CASBs:

  • Identify all cloud services used within the organization.
  • Generate a complete risk assessment of each cloud service to determine which apps should be sanctioned.
  • Employ security policies to monitor usage and protect data within cloud services.

Security is not just a one-time event. As the value and volume of cloud-based critical data increases, so does the need for managed CASB solutions.

Managed Cloud Data Protection (MCDP) from IBM, a managed CASB solution, provides the industry-leading tools, technology, operational experience and expertise security teams need to discover and control shadow IT use. In partnering with CASB leaders McAfee and Symantec, MCDP enforces data security, compliance and governance policies across all cloud apps, users and devices to help organizations manage and adapt their security needs as the technology environment changes.

Watch the on-demand webinar: Protecting Critical Data and Policy Management in the Cloud

More from Cloud Security

New cybersecurity sheets from CISA and NSA: An overview

4 min read - The Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) have recently released new CSI (Cybersecurity Information) sheets aimed at providing information and guidelines to organizations on how to effectively secure their cloud environments.This new release includes a total of five CSI sheets, covering various aspects of cloud security such as threat mitigation, identity and access management, network security and more. Here's our overview of the new CSI sheets, what they address and the key takeaways from each.Implementing…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

Cloud security uncertainty: Do you know where your data is?

3 min read - How well are security leaders sleeping at night? According to a recent Gigamon report, it appears that many cyber professionals are restless and worried.In the report, 50% of IT and security leaders surveyed lack confidence in knowing where their most sensitive data is stored and how it’s secured. Meanwhile, another 56% of respondents say undiscovered blind spots being exploited is the leading concern making them restless.The report reveals the ongoing need for improved cloud and hybrid cloud security. Solutions to…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today