Monday, March 24, 2014
The looming threat of shadow IT
With the rising threat of data breaches and other incidents that put corporate information resources in jeopardy, organizations need secure file sharing solutions to keep their files safe.
With the rising threat of data breaches and other incidents that put corporate information resources in jeopardy, organizations need secure file sharing solutions to keep their files safe. Information security becomes even more complicated - and pressing - as companies implement cloud storage solutions and drastically expand the volume of information they manage.
Shadow IT grows with the cloud
The cloud offers convenient, affordable ways to store and access documents, making it especially appealing for employees who want to be able to retrieve company information while working remotely or on the go. However, not all cloud services provide adequate protection for sensitive information, and the independent use of consumer-grade products for business purposes makes it near impossible for IT staff members to oversee the flow of corporate information.
According to recent reports, "shadow IT" or "rogue IT" is a growing phenomenon, presenting potential challenges for companies that need to ensure their data is protected. These terms refer to the practice of employees using their own services to manage their professional activities, such as relying on consumer services like Dropbox to store and share files. In addition to exposing information to less secure environments, this practice is problematic because IT teams are not aware of where information is going and what services are being connected to the company's network. In essence, this practice chips away at IT's control over the system.
Referring to a recent 451 Research study commissioned by Microsoft, Forbes magazine explained that the majority of cloud-based activity within the business world is happening under the radar of official IT services. Technical professionals don't even know which employees are using which services at their organization, making it impossible to manage security for the data being exchanged through those solutions. Global leader and founder of Cisco's Cloud Consumption and Broker Services Practice Robert Dimicco estimated in a blog entry that employees typically use five to 10 times more cloud services than their IT departments think they use.
Preventing rogue activity by providing better options
Workers resort to outside services and programs for business activities because these solutions are convenient and accessible. Services like Dropbox, Box and Salesforce are readily available and often familiar to workers who might already use them for personal purposes. However, the corporate world has its own security needs that require closer oversight than consumer activities, so it's important for businesses to be able to manage how their resources are stored and exchanged.
"One of the most common issues is employees going around IT to get to the public cloud," John Humphreys, vice president of sales at Boston-area consulting and IT management firm Egenera, told NetworkWorld. "The big question is, how can we make it easier for workers to go through us instead of going around us?"
Issuing policies and rules regarding information security and cloud service usage isn't enough to dissuade employees from resorting to shortcuts, particularly when maintaining information security is paramount to an organization. In addition to these measures, companies must offer employees secure file sharing alternatives that are equally convenient and functional so they have no reason to look elsewhere for solutions.
For example, corporations can use secure email solutions and wide area file services (WAFS) that give workers the same degree of accessibility as consumer-grade products. This way, employees can access the materials they need to complete their jobs from anywhere, even on their mobile devices, without removing sensitive information from the secure company network. Many enterprise file transfer services are hosted in the cloud to offer the scalability and flexibility of consumer-facing solutions while maintaining a higher degree of protection. By making these programs an integral part of corporate processes, businesses can decrease the likelihood that their workers will go rogue.