Shadow IT is a problem at almost every organization, and the longer it’s left unchecked, the greater the chances are of it causing serious cloud security issues and compliance violations. Getting employees’ use of unauthorized cloud applications under control is critical to maintaining a strong security posture. One of the most important steps to addressing shadow IT is identifying the specific cloud security issues it creates at your organization. Here are two of the most common, and how to address them.
- Increased risk of data leaks due to inappropriate file or data access
Cloud-based file sync and share services are among the most commonly adopted shadow IT applications, and for good reason. Having the ability to access files anywhere and from any device, and to share those files easily with colleagues and outside business partners, can greatly benefit productivity. Unfortunately, unauthorized file sync and share services can also create cloud security issues. When files are hosted on an unsanctioned cloud service provider’s servers, the enterprise has no way to control (or even know) who has access to them. Data security depends on large part on restricting and controlling access to sensitive information; shadow IT instances of file sync and share undermine that.
- Increased risk of data residency and regulatory compliance issues
A number of data privacy and security regulations govern the use and transmission of sensitive personal data e.g. bank and credit card account numbers, SSNs, and confidential health information. In order to remain in compliance, organizations must handle and protect sensitive information according to government or regulatory standards. In some cases, sensitive information based on data residency laws is required to remain inside the borders of a country. Employees who use shadow IT can inadvertently violate data privacy regulations simply by saving their data to the wrong cloud service.
The solution: Awareness and control
Identifying which cloud security issues are affecting your company through employees’ use of shadow IT requires that you first know which SaaS applications your employees are using. An analysis of the applications being used will provide you with both what your organization’s cloud needs are, as well as what areas are currently at risk. The use of unauthorized CRM, sales, or billing applications can create issues around customer financial data. While large-scale use of file sync and share apps may put confidential or proprietary corporate documents in danger of unauthorized access or exposure. Only by understanding your employees’ activities and the risks they create can you develop an effective strategy for bringing shadow IT and its related cloud security issues under control.
Still not sure whether shadow IT is a problem at your organization? Take a look at the research. GigaOm’s research report “Data Protection and Cloud Security in a Shadow IT World” presents a number of shadow IT statistics that security-minded enterprises should take to heart.