You’ve kept your business running with a newly established remote workforce, and may even be planning to permanently shift some employees to remote working in order to complement other cost cutting measures that you are taking.
The new web-based collaboration tools you’ve deployed will provide huge opportunities for increased productivity and collaboration across your organisation, and as a result your remote workforce is aligned to your business goals and motivated. Job done – right?
Unfortunately, while web-based collaboration tools provide opportunities for increased productivity, the complexity of keeping sensitive data secured continues to grow as unsanctioned ‘shadow applications’ – web-based applications completely invisible to IT security teams – create gaps in even the most well-managed security posture, with every drag, drop and share becoming a source of potential data compromise.
Loss of IT control
When users find applications provided by the IT team are too much hassle, or lacking in functionality, it’s easy to cut through the red tape and deploy apps at will, without the knowledge or approval of the IT team. Just log in, upload, share and it’s done. The question is, who controls it?
Shadow IT presents a major challenge for IT executives. Having very little visibility into where the organisation’s critical data is located, who has access to it, and what security controls are in place poses a hefty risk to the entire organization.
Shadow IT does however, also have its benefits. Integrating new cloud applications into the workplace can lead to greater innovation and productivity. Employees can use the tools that best serve their role. Banning the use of cloud applications can often hinder creativity and do more harm than good.
The reality is that there are very few ways to stop the practice – and there is actually no need to do so. This is not to say that you shouldn’t try to shine as much light as possible into the darkness of the IT landscape. These days, there are technologies available that allow IT teams to easily manage the use of Cloud Apps.
Enter the Cloud Access Security Broker (CASB)
A CASB enables your business to discover, analyse, secure, and manage user interaction with cloud applications. Providing you with discovery and visibility of both sanctioned and unsanctioned cloud applications. This way, IT managers find out about unauthorised but popular cloud applications and have the opportunity to control and approve their use. For example, Dropbox and other file-sharing services are not fundamentally dangerous, but some risky features such as uploading or sharing critical business data might need to be strictly controlled.
Educate your employees
Organisations need to acknowledge that everyone, especially their own employees, pose a threat to IT security, intentionally or unintentionally. That’s why in addition to the use of modern security technologies, staff education should always be a top priority. Realising that corporate data can quickly get into the wrong hands via cloud applications and putting processes in place to ensure staff think twice about this is the first step towards improving IT security.