A lot of different consumer services in the cloud are available nowadays. If you want to have a good data driven IT management strategy in your company, you will need to acknowledge that besides the sanctioned IT cloud solutions there is also something we call "shadow IT". These are consumer services running in your company network without being sanctioned by the IT department. The fact that these employees bring these services into their workplace can pose significant security issues.
It is estimated that today, 72% of the IT professionals do not know the scope of shadow IT at their companies. Looking at the numbers of cloud services in use, we see a big increase. In the second quarter of 2014, 738 cloud services were used in countries, in the third quarter this number raised to 831 cloud services running in enterprises. For the whole picture over several quarters look at this figure (source: skyhighnetworks.com):
There are several reasons for this incline:
- we're early in the adoption cycle for cloud;
- there is a convergence of several forces driving innovation in software;
- with the availability of open source software components and low-cost platforms such as Amazon AWS, it's cheaper than ever to launch an application over the internet;
- we are recovering after the financial crisis of 2008, where as a result a lot of startups are solving problems in a new way.
Companies are realizing that "shadow IT" is becoming a problem. Not only is it possible that they do not comply with company policies but even worse than that they can impose great security issues. As a result, the first reaction of companies was to try blocking these services from their company networks, this proved to be unsuccessful because of several reasons. Being one of them, the fact that cloud services regularly introduce new URL's which are not blocked by the company firewall.
A solution for this problem could be to enable the cloud adaption lifecycle. Skyhigh offers a solution for this, based on three principles:
- Discover: Gain complete visibility into all cloud services in use and an objective risk assessment across data, business, and legal risk;
- Analyze: Identify security breaches and insider threats, analyze usage patterns to understand demand for cloud services, and consolidate subscriptions;
- Secure: Seamlessly enforce security policies including encryption, data loss prevention, and coarse and granular access control.
In conclusion, it should be stressed that it is of extreme importance that you search for shadow IT in your company and trace down the usage of these services. This can prevent sensitive data from leaking, which can be of vital importance to an enterprise. Using a dashboard tool like Skyhigh could be a good approach as this gives an easy overview of all the cloud services running in your company, and where necessary you can open a more detailed information panel of the service in question.