Six Ways MSPs Can Mitigate Shadow IT
The growing prevalence of ‘shadow IT’ is not expected to slow down this year. Having emerged over the last year or so, this threat will continue to be of concern for managed service providers (MSPs) that are looking to protect cloud data and maintain integrity in cloud-based file sharing. In order to do, we discuss six steps for improving cloud security against shadow IT.
The growing prevalence of ‘shadow IT’ is not expected to slow down this year. Having emerged over the last year or so, this threat will continue to be of concern for managed service providers (MSPs) that are looking to protect cloud data and maintain integrity in cloud-based file sharing. In order to do, we discuss six steps for improving cloud security against shadow IT.
Shadow IT, as described to TechRadar by Perry Gale, VP of workflow at Nintex, “concerns the unauthorized use of hardware and software that is not supported by an organization’s central IT department. In many cases, the IT department has not approved the technology or doesn’t even know that employees are using it.”
“Shadow IT snuck into the spotlight in 2014 and, according to research, it will only expand throughout 2015,” said a recent commentary from TechRadar. The article also cited the organization’s January 2015 Cloud Report, which found that the majority of the growing number of cloud apps being used by an organization are business-critical, yet a whopping 88 percent are not considered to be enterprise-ready. Furthermore, these less accountable apps are completely unsanctioned.
Gale suggests that there are a number of reasons why shadow IT is on the rise, not the least of which are the emergence of bring your own device (BYOD) policies and the trend for businesses to otherwise encourage their employees to think like consumers.
This evolving set of standards has helped to usher in a new set of challenges, and it’s important for MSPs to help organizations and their IT departments remain vigilant in addressing a new era of threats—even those that remain hidden in the shadows.
With that in mind, here are six steps that MSPs can take to help organizations to improve their cloud security:
1. Discover
Careful planning and clever policies can be used to combat the shadow cloud. However, that fight begins with the discovery of what threats your client is facing. The battle begins by discovering what enterprise cloud apps are residing in your client’s IT environment.
2. Assess
The second step is uncovering what security, audit, and business continuity capabilities the apps in your client’s IT environment possess, in order to assess what risks they may pose. In this stage, talk to employees to gain an understanding as to why they have chosen to use such solutions.
3. Consolidate
Next, consolidate low-quality apps in order to help your client determine or refine a corporate policy that collaborates with users by coaching them on limiting cloud security risk from their endpoints. Enterprises may decide, at this time, to allow certain apps to remain in use, albeit requesting that their staff adhere to requests not to “upload” or “share” information directly through the app.
4. Understand
Understand what information is being housed in cloud apps by discovering what corporate data and intellectual property may be residing on an employee’s device, whether intentionally uploaded to the cloud or simply at rest somewhere on the device.
5. Gain visibility
Gain visibility into what information your client’s employees are swapping over their devices, be it uploads or downloads. Even downloading a file, an email, or an image carries the risk that malicious content could find its way onto a device.
6. Mitigate risk
Finally, mitigate all this risk by determining which apps are business-critical and adhere to the policies that you’ve helped your client to build or revise. It takes plenty of adherence from an organization’s employees to help secure data against shadow IT, so be sure to audit regularly.