Welcome!

Cloud Security Authors: Yeshim Deniz, Zakia Bouachraoui, Liz McMillan, Elizabeth White, Ravi Rajamiyer

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Linux Containers, Cloud Security, SDN Journal

@CloudExpo: Blog Feed Post

Caught! The Real Culprit of Shadow IT

There are some amazing SaaS options out there, so many that IT cannot be expected to find them all first

Once you learn the definition of shadow IT, it shouldn’t be too shocking to learn how widespread it is at companies large and small all over the world. I hate to assume, but the odds are, that you yourself have used a non-IT approved SaaS option for the same reason as everyone else, myself included. We’re all expected to do our jobs faster, and at a higher quality than we did in the past, and sometimes it’s just too easy to go behind the backs of those whom we perceive to slow us down, or act as a blocker.

A recent study showed that eighty percent of those polled admitted using SaaS applications and tools without IT’s approval, which, when you’re part of that eighty percent, isn’t all that shocking. The real kicker is the revelation of who has been using shadow IT SaaS solutions more than anyone.

IT employees themselves.

What’s their reasoning? “IT users feel they can handle the risk better.” That's...not really good enough.

Even as an occasional user of shadow IT myself (I’m trying to quit!) I am happy to see that not every article found online simply touts the ill-advised practice as out-of-control, or impossible to stop. In fact, now that we’ve all learned just how widespread the problem is, many are already well underway in finding a way to rein it in. And in what should relieve CIOs, security professionals, and others responsible for heeling shadow IT as soon as possible—the solution is shockingly simple.

Put a clear policy in place that lists the SaaS options that are allowed, and also formally states that if you’re using one that is not listed, particularly those that are discovered to put you and your customers’ data at risk—this is a real problem.

But how do you know which ones to allow? Not only is this easy, it’s healthy for the culture of your business. Speak with those employees who are using shadow IT, and who have come to rely on these apps to do their job. Let them explain why they chose this or that option, and why the non-shadowy options prohibit them from doing their jobs, or more importantly, from innovating and helping take the company to the next level.

Many of the applications that employees are secretly utilizing probably aren’t a security threat, and like we learned earlier, I’d be willing to bet that many of them are also being used by IT employees as well as others. But as McAfee Asia-Pacific CTO Sean Duca explains, it’s the “shadow” aspect that’s ultimately “bad for business.”

With shadow IT usage being so rampant, across multiple departments, employees aren’t turning to these non-approved options out of laziness, or spite. It’s because IT doesn’t have the time to fully vet every SaaS option out there. Speak with employees to learn what’s helping them do their jobs. Make this an opportunity, as Duca suggests, to “be more open and candid,” to increase the collaboration and communication between departments, and so that “companies can consider purchasing the products so they could be used securely from inside their organizations.”

There are some amazing SaaS options out there, so many that IT cannot be expected to find them all first. But when a new option comes along, especially one that helps you innovate better and faster—don’t leave it in the shadows and put your job or your company at risk. If it’s as great of a solution as you think it is, get it approved, and perhaps even more of your company can benefit and innovate from it than just yourself.

Read the original blog entry...

More Stories By Skytap Blog

Author: Noel Wurst is the managing content editor at Skytap. Skytap provides SaaS-based dev/test environments to the enterprise. Skytap solution removes the inefficiencies and constraints that companies have within their software development lifecycle. As a result, customers release better software faster. In this blog, we publish engaging, thought provoking stories that revolve around agile enterprise applications and cloud-based development and testing.

IoT & Smart Cities Stories
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by ...
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the business decisions based on these, it is a serious impediment to digital transformation.
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
Predicting the future has never been more challenging - not because of the lack of data but because of the flood of ungoverned and risk laden information. Microsoft states that 2.5 exabytes of data are created every day. Expectations and reliance on data are being pushed to the limits, as demands around hybrid options continue to grow.
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.
As IoT continues to increase momentum, so does the associated risk. Secure Device Lifecycle Management (DLM) is ranked as one of the most important technology areas of IoT. Driving this trend is the realization that secure support for IoT devices provides companies the ability to deliver high-quality, reliable, secure offerings faster, create new revenue streams, and reduce support costs, all while building a competitive advantage in their markets. In this session, we will use customer use cases...