//
you're reading...
Cloud Computing, IT & TECHNOLOGY

Managing Shadow IT


CSA-Logo

Code42_Shadow_IT“Shadow IT,” or solutions not specified or deployed by the IT department, now account for 35 percent of enterprise applications. Research shows an increase in IT shadow spend with numbers projected to grow another 20 percent by the end of 2015.

Experts agree that shadow IT is here to stay, particularly the growing tendency to use cloud services for collaboration, storage and customer relationship management.

Enterprise organizations can’t afford to bypass the productivity and profitability that comes with a happy and enabled mobile workforce. However, the utilization of SaaS that IT has not vetted and approved may expose regulated or protected personal data, which a business is responsible for remediating.

California leads the way in the privacy arena with the Security Breach Notification Law and Online Privacy Protection Act. The Federal Trade Commission is the primary U.S. enforcer of national privacy laws, with other national and state agencies authorized to enforce additional privacy laws in vertical industries such as banking and health care.

Sanctions and remedies for non-compliance with FTC data protection laws include penalties of up to US $16,000 for each offense. The FTC can also obtain an injunction, restitution to consumers, and repayment of investigation and prosecution costs. Criminal penalties include imprisonment for up to ten years. In 2006, a data broker agreed to pay US $15 million to settle charges filed by the FTC for failing to adequately protect the data of millions of consumers. Settlements with government agencies can also include onerous reporting requirements, audits and monitoring by third-parties. A major retailer that settled charges of failing to adequately protect customer’s credit card numbers agreed to allow comprehensive audits of its data security system for 20 years.

So, what is the answer? How do you start to get a handle on shadow IT?

Ask.
Ask employees which cloud services they are using. You might also need to utilize a combination of automated and manual discovery tools to get a complete picture of what programs employees are using and what data is hosted and shared in provider clouds. These “cloud consumption” dashboards can monitor and assess cloud usage and detect encryption tools at each host.

Protect your data.
Implement automatic backup of all endpoint data in the enterprise to capture a real-time view of where employee data lives, when and where it moves and who has touched it—even as it moves to and from non-approved clouds.

Act fast when the inevitable happens.
The reality is a breach may be inevitable, but you can recover. With continuous and automatic endpoint backup, IT can quickly evaluate the content of files believed to have been breached and act in good faith to lessen the impact. Additionally, understanding what was stolen allows a company to make an accurate disclosure and manage consumer confidence issues.

For CIOs and IT staff accustomed to maintaining complete control over their digital ecosystems, relinquishing even a bit of this control can be terrifying—even in the name of productivity. And yet, with a security strategy that focuses on complete data visibility, they can empower mobile workers while minimizing the risks associated with the dark side of shadow IT.

Rachel Holdgrafer, Business Content Editor, Code42

[Cloud Security Alliance Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Web Stats

  • 119,313 hits
@PhilipHungCao

@PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Personal Links

View Full Profile →

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 2,247 other followers

Twitter Updates

Archives

October 2015
M T W T F S S
« Sep   Nov »
 1234
567891011
12131415161718
19202122232425
262728293031  
%d bloggers like this: