Companies have less control of their data than they think. Employees widely use unapproved cloud services, and Gartner has found that shadow IT makes up as much as 30 to 40 percent of IT spending.
Every cloud service presents the potential risk of data loss, so how can companies take control of data accessed through these unauthorized services? The risk is high since these services aren’t subject to the IT team’s control and don’t benefit from their security expertise. A cloud access security broker (CASB) can help businesses identify which shadow IT services are being used and apply corporate data protection policies to them.
Securing Applications You Don’t Even Know About
The first step in securing these unknown shadow IT applications is to make them known. A CASB can discover all the cloud services being used by your organization by examining firewall and other network logs. This reveals the applications being accessed and allows each one to be evaluated for risk based on attributes such as how it is known to handle data.
Some CASBs use hardcoded databases to recognize the third-party services being used, but more advanced CASBs like Bitglass rely on machine learning techniques to identify applications automatically. As a result, the CASB can still recognize an application when the services it provides change.
In either case, once the tool determines there’s communication with an unapproved application, it can apply a default policy to protect data, such as allowing read-only access. After the business has had a chance to review the application in more detail, an appropriate governance policy can be implemented.
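The discovery and default-policy steps described above can be sketched in a few lines. This is an added example, not code from Bitglass or any CASB product. The log format, the approved-service list, the `.example` hostnames and all function names are assumptions constructed for illustration.

```python
from collections import defaultdict

APPROVED = {"crm.example", "mail.example"}   # assumption: sanctioned services
READ_METHODS = {"GET", "HEAD", "OPTIONS"}

# Constructed sample lines: timestamp user host method bytes_sent
SAMPLE_LOG = """\
2024-05-01T09:00:01Z alice app.crm.example POST 2048
2024-05-01T09:02:10Z bob files.dropshare.example PUT 5242880
2024-05-01T09:02:45Z carol files.dropshare.example GET 310
2024-05-01T09:03:00Z bob notes.quickpad.example POST 90211
malformed line without enough fields
2024-05-01T09:05:30Z alice www.mail.example GET 120
"""

def service_of(host):
    # Simplification: last two labels; production code needs the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def parse_line(line):
    parts = line.split()
    if len(parts) != 5 or not parts[4].isdigit():
        return None  # skip malformed records instead of crashing the run
    ts, user, host, method, sent = parts
    return {"user": user, "service": service_of(host),
            "method": method.upper(), "sent": int(sent)}

def discover(log_text, approved=APPROVED):
    """Aggregate traffic per service and attach a default policy."""
    report = defaultdict(lambda: {"users": set(), "requests": 0, "bytes_out": 0})
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        entry = report[rec["service"]]
        entry["users"].add(rec["user"])
        entry["requests"] += 1
        entry["bytes_out"] += rec["sent"]
    for service, entry in report.items():
        entry["policy"] = "allow" if service in approved else "read-only"
    return dict(report)

def is_permitted(report, host, method):
    """Default decision: unknown or unapproved services get read-only access."""
    policy = report.get(service_of(host), {}).get("policy", "read-only")
    return policy == "allow" or method.upper() in READ_METHODS

if __name__ == "__main__":
    report = discover(SAMPLE_LOG)
    for name, e in sorted(report.items(), key=lambda kv: -kv[1]["bytes_out"]):
        print(name, e["policy"], sorted(e["users"]), e["requests"], e["bytes_out"])
```

Sorting the report by bytes sent puts the unapproved services receiving the most data at the top, which is where a review of the default policy should start.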
Apply Controls to Identified Applications
The CASB gives you detailed visibility into how users are interacting with these shadow IT applications, so now that they’re out of the shadows you can fine-tune the controls applied to the interactions. Services can be blocked entirely or allowed, with data loss prevention controls to ensure that no protected data is accidentally exposed.
Users can also be redirected to approved cloud services, giving them access to the capabilities they need without risk to data. Educating users is in fact one of the most important aspects of managing shadow IT. Most employees use these unapproved applications because they help them get their jobs done better; they're trying to do the right thing for the business. Help them understand how shadow IT creates risks and they'll do the right thing by not hiding their cloud usage in the shadows.