Protecting Corporate Data: Embrace Shadow IT from the Inside Out
In this day and age of enterprise mobility and competitiveness, there is a strong demand to have documents available anywhere at any time. As a result, the majority of people have embraced the trend of using their own mobile devices and various cloud service providers to constantly access and share their work. But what most people don’t understand is that they are unknowingly opening up their company data to risk.
Current cloud service providers, including the popular Dropbox and Google Drive have limited security features, thereby leaving businesses with gaps on how to manage and keep private data and documents secure. Because privacy and security are vital to the success of any business, for IT departments, Shadow IT and these outside applications bring a host of security and compliance complications for keeping employees from disclosing or leaking private company information.
First and foremost, it’s important to recognize that the majority of organizations handle web security rather well through DNS traps, firewalls and other various defenses. However, the key component these manage is the external threat. What needs to be addressed though is the internal one.
Simply put, with employees integrating their personal devices and cloud storage services into their day-to-day work, IT departments now have to be concerned with not only external hackers, but also internal “hackers,” i.e. the users‘ flooding the Internet with all of a company’s sales records, confidential files or internal spreadsheets, in an unprotected and unsecured way.
Traditionally, companies have considered the external threats as the first line for protection and the majority share of an IT budget has often deployed there, as senior decision makers often see this as the main route of security threats. In return, the internal security has often featured lower down the list when it comes to budgetary priorities and focused on passwords. Additionally, IT departments are often hesitant to implement new, stricter authentication solutions as it requires user training, incurring both monetary and time costs.
However, this approach to security is incredibly dated. With Shadow IT growing in popularity and users’ heavy reliance on an open and integrated cloud environment, it’s time for IT departments to stop fighting their users on control of hardware and software choices and finally start securely embracing Shadow IT and the applications they can’t control.
IT will never be able to fully stop employees from bringing in personal devices and handpicked services into the enterprise network. After all, users want these services – Dropbox, Google Drive, Evernote and all of the other cloud-based services that are easy to use and universally compatible with applications. Users want the simplicity of these shadow applications, not a complex IT department corporate system full of regulations. But, as good as these services are, they’ve been designed purely for consumer use and not to keep an organization’s information and customer details secure and accessible.
So What’s the Solution?
With the advancement of technology, Shadow IT applications should be an enterprise solution, not an inhibitor. IT departments need to start welcoming this change and seeing it as a way forward, not as a challenge. Now that most cloud-based services have open APIs that enable third-party software vendors to add security and functionality to their services, IT departments are now in the lucky position of gaining a range of applications to help users’ access cloud services, without actually compromising the enterprise’s security.
Instead of reinventing the wheel or enforcing stricter compliance regulations, IT departments need to focus on how they can enhance and add additional functionality to these downloadable apps that address issues surrounding security. Don’t implement massive over-priced solutions that are too difficult for users to use or just simply ban them from deploying these outside, “unsanctioned” applications. Instead, work with the users that are implementing technology on their own and finding out what they need and why they are making certain usage decisions. By working with and not against users, IT can focus on how they can extend and add to these external applications, while adding the security the corporate entity needs and the additional functionality users crave.
Once IT departments start embracing and not banning Shadow IT, they will finally understand that this is actually a new and improved way of working because it allows users and IT Departments more freedom to work together in a more sustainable way.
