Per Frost & Sullivan, more than 80 percent of employees admit to using non-approved SaaS apps in their jobs. The number of cloud services used by corporate employees is also quickly outpacing internal IT estimates. While IT groups typically estimate that employees are using 51 different services, the actual number is 15 times greater.
And it’s not just individual employees that are turning to shadow IT. Increasingly, non-approved SaaS applications are being adopted by entire work groups or departments, without IT’s knowledge, and with little consideration for the security risks they bring.
As employees continue to reach for tools and services that may not be IT-approved, IT professionals know they need to balance security risk tolerance while empowering departments and teams to achieve higher productivity.
How can you secure critical data without compromising productivity?
While the urge to block shadow IT is understandable, it’s at best, a short-term solution. Not only does it reduce an organization’s ability to innovate, it inevitably results in employees finding ways around the restrictions.
Rather than blocking users from accessing the services they need to do their jobs efficiently, IT administrators need to find ways to monitor these services, analyze their risk profile, and offer alternatives for apps that fail to meet security or compliance needs.
Cloud Access Security Brokers: Flexibility meets control
According to Gartner, Cloud Access Security Brokers (CASBs) are “on-premises or cloud-based security policy enforcement points that are placed between cloud service consumers and cloud service providers.”
They give organizations a detailed picture of how their employees are using the cloud.
- Which apps are they using?
- Are these apps risky for my organization?
- Who are the top users?
- What does the upload/download traffic look like?
- Are there any anomalies in user behavior such as: impossible travel, failed logon attempts, suspicious IPs?
Such behaviors can indicate whether their account has been compromised or whether the worker is taking unauthorized actions.
Along with better threat protection, CASBs offer IT professionals better visibility and control over the apps used in their environment. Once you have discovered the full extent of the apps used in your environment, you can then set policies that control the data stored in these apps for data loss prevention.
Exploring a CASB solution can be a great step to enhancing your security environment. With better visibility, protection, and management over your shadow IT, you can give employees the choice to use the apps they need, without sacrificing the security and compliance your organization demands.
To learn more about shadow IT and how CASBs can help your organization, download the e-book.
from Microsoft Secure Blog Staff