GDT Webinar Series – How to Fail at Security? Reserve Your Spot

Shadow IT―you might be a participant and don’t even know it

By Richard Arneson

Everybody loves the cloud, and why wouldn’t they? The amount of innovation and productivity it has brought to businesses worldwide has been staggering. Where Salesforce once appeared to stand alone as the only cloud-based software service, it’s been joined over the past few years by thousands of applications that were once individually loaded on PCs (Office 365, the Adobe Creative Suite and WordPress come to mind). But with the good comes the bad―more accurately, the concerns―and, in the case of The Cloud, you can list issues related to security, governance and compliance as those that counterbalance the positive side of the Cloud ledger.

Shadow IT

Not to paint everybody with the same, broad brush stroke, but the preponderance of workers either have participated in Shadow IT, or continue to do so (it’s primarily the latter). Shadow IT refers to information technology that operates and is managed without the knowledge of the IT department―doesn’t sound very safe and secure, does it? Have you ever downloaded software that helps accomplish a task or goal without the knowledge of IT? Probably, right? That’s Shadow IT. But that’s not to say Shadow IT participants are operating with devious intentions; they do it for a variety of reasons, such as a need for expediency, or perhaps because corporate red tape, including required pre-requisites, preclude it. Participants’ goals―efficiency, productivity―may be noble and spot-on, but their actions can create a host of security headaches and issues at some point in the future. And there’s a very good chance it will. It’s estimated that within one (1) year, data breaches worldwide will cost organizations a collective $2.1 trillion. Oh, and the United States has the highest cost per breach ($7.9 million) in the world. Shadow IT helps buoy those numbers. Thinking a security issue only happens to the other guy is living in a fool’s paradise.

Cloud Access Security Brokers (CASB)

Sending out policies and conducting training for employees regarding computer and network use is great, and strongly encouraged, but counting on everybody adhering to these mandates is unreasonable and impractical, especially if your company has tens of thousands of workers scattered throughout the world.
To address the issue of Shadow IT, the industry has developed Cloud Access Security Brokers (no, they’re not people, but software), the name given by Gartner five (5) years ago that describes cloud security solutions centered around four (4) pillars: visibility, compliance, data security and threat protection. CASB is software planted between a company’s IT infrastructure and the cloud, and is now offered by several vendors, including Cisco―its CASB solution is called CloudLock (you can read about it here – Cisco CloudLock).
CASB utilizes an organization’s security policies to secure the flow of data to and from its IT infrastructure and the cloud. It encrypts data and protects it from malware attacks, provides encrypted data security, and helps defend protect against the scourge that is Shadow IT.

For more information…

With the help of its state-of-the-art Security Operations Center (SOC), GDT’s team of security professionals and analysts have been securing the networks of some of the most noteworthy enterprises and service providers in the world. They’re highly experienced at implementing, managing and monitoring Cisco security solutions. You can reach them at They’d love to hear from you.


Share this article