GDT Webinar Series – How to Fail at Security? Reserve Your Spot

Shadow IT―you might be a participant and don’t even know it

Shadow IT and Cloud Security

By Richard Arneson

Everybody loves the cloud, and why wouldn’t they? The amount of innovation and productivity it has brought to businesses worldwide has been staggering. Where Salesforce once appeared to stand alone as the only cloud-based software service, it’s been joined over the past few years by thousands of applications that were once individually loaded on PCs (Office 365, the Adobe Creative Suite and WordPress come to mind). But with the good comes the bad―more accurately, the concerns―and, in the case of The Cloud, you can list issues related to security, governance and compliance as those that counterbalance the positive side of the Cloud ledger.

Shadow IT

Not to paint everybody with the same, broad brush stroke, but the preponderance of workers either have participated in Shadow IT, or continue to do so (it’s primarily the latter). Shadow IT refers to information technology that operates and is managed without the knowledge of the IT department―doesn’t sound very safe and secure, does it? Have you ever downloaded software that helps accomplish a task or goal without the knowledge of IT? Probably, right? That’s Shadow IT. But that’s not to say Shadow IT participants are operating with devious intentions; they do it for a variety of reasons, such as a need for expediency, or perhaps because corporate red tape, including required pre-requisites, preclude it. Participants’ goals―efficiency, productivity―may be noble and spot-on, but their actions can create a host of security headaches and issues at some point in the future. And there’s a very good chance it will. It’s estimated that within one (1) year, data breaches worldwide will cost organizations a collective $2.1 trillion. Oh, and the United States has the highest cost per breach ($7.9 million) in the world. Shadow IT helps buoy those numbers. Thinking a security issue only happens to the other guy is living in a fool’s paradise.

Cloud Access Security Brokers (CASB)

Sending out policies and conducting training for employees regarding computer and network use is great, and strongly encouraged, but counting on everybody adhering to these mandates is unreasonable and impractical, especially if your company has tens of thousands of workers scattered throughout the world.
To address the issue of Shadow IT, the industry has developed Cloud Access Security Brokers (no, they’re not people, but software), the name given by Gartner five (5) years ago that describes cloud security solutions centered around four (4) pillars: visibility, compliance, data security and threat protection. CASB is software planted between a company’s IT infrastructure and the cloud, and is now offered by several vendors, including Cisco―its CASB solution is called CloudLock (you can read about it here – Cisco CloudLock).
CASB utilizes an organization’s security policies to secure the flow of data to and from its IT infrastructure and the cloud. It encrypts data and protects it from malware attacks, provides encrypted data security, and helps defend protect against the scourge that is Shadow IT.

For more information…

With the help of its state-of-the-art Security Operations Center (SOC), GDT’s team of security professionals and analysts have been securing the networks of some of the most noteworthy enterprises and service providers in the world. They’re highly experienced at implementing, managing and monitoring Cisco security solutions. You can reach them at SOC@gdt.com. They’d love to hear from you.

Author

Share this article

You might also like:

Data is truly the lifeblood of business operations—as evidenced by the explosion of data, which is expected to swell from 120 zettabytes in 2023 to 180 zettabytes by 2025. The backbone of data center resiliency is secure, effective, high-performing data storage. Here’s how modern data storage solutions reinforce data center

Understand Software and Maintenance Overspend As anyone with visibility into business IT costs knows, it’s incredibly easy to overspend on software and maintenance without realizing it. The average organization uses upward of a hundred software applications. As a result, the asset portfolio becomes complex and disparate, driving up maintenance and

Robust, resilient data infrastructure is key to keeping your organization secure and avoiding the challenges that arise from data breaches or loss. But it isn’t just a risk mitigation strategy — a well-architected and well-maintained data center empowers your organization to move quickly, serve customers well, streamline processes, and keep