Transparent padlock on a beige-gray circuit board

How to Control your Cloud Shadow IT

Analyze and regulate cloud usage in your organization with a cloud access security broker (CASB)

July 16 2021Paul Schöber

Shadow IT: underestimated risk

Cloud shadow IT is on the rise in most companies: individual employees, and sometimes entire departments, are using software tools that are not managed, controlled, or secured by the IT department. The result: company security and data is at high risk. But with a cloud access security broker, the problem can be handled automatically. 

When do apps from the cloud become dangerous?

A Tablett with a cloud and a lock in magenta

Have you ever translated a company presentation with DeepL? Or used Prezi for an internal presentation on a company project? And which app are you using to convert Word files into PDFs?
Many employees unquestioningly download apps or use applications from the cloud that the IT department has not approved. Security vendor McAfee reports that 53 percent of IT leaders worldwide believe that more than half of their colleagues are using applications that the IT department does not know about – that is, that it does not manage, control, or secure. According to McAfee, as many as 2,000 cloud services go unnoticed in some organizations. This creates not only additional expenses – but also a serious security problem.
This is because companies might be at risk of allowing unauthorized access to business-critical information or personal data, thus violating GDPR. After all, many free services expect information in return. In the worst case scenario, an employee could even pave the way for a hacker to enter the company. 

How can shadow IT be kept in check? 

Bans rarely work: Because we are used to downloading apps or using cloud services from the Internet as we see fit in our personal lives, we don't see the harm in doing the same in our professional lives. Employees are not seeking to harm their company by doing so. On the contrary, a Forcepoint study found that 56 percent of respondents from German companies said that these software tools enable them to complete their work tasks more easily and efficiently. Only a few are likely to know, however, that they could be inadvertently causing data leaks by doing so, which could result in their employer's intellectual property being leaked. Hardly anyone is aware that an app or cloud service has the potential to violate compliance and data protection.
So what is the best way to combat shadow IT?

  1. Educate your workforce about the risks of shadow IT. Provide examples of specific services to illustrate where your sensitive data could end up.
  2. Define policies for the use of cloud services. 
  3. Put your trust in a cloud access security broker (CASB) to consistently analyze your cloud traffic.

How do we prepare for a digital future?

This is exactly where T-Systems supports as a thought leader with inspiration on innovative topics. Learn how we can shape the next steps into our digital future together.

CASB: Basic protection for cloud security

A gray cloud made of glass is broken into small squares

How do cloud access security brokers shed light on shadow IT? The security tool analyzes log files and uses them to identify all cloud applications used in the company. The program evaluates the frequency with which employees use unauthorized cloud apps and the volume of data they exchange in the process. The security tool categorizes the cloud solutions and evaluates the potential risk of the respective SaaS services. As soon as it detects a danger, it blocks the service in question and offers secure cloud variants or, as a first step, informs the employee of the potential risk involved in using the service. That means that companies can use a CASB to expand their controls for internal security policies to include cloud services and automatically regulate cloud usage. This is not intended to criticize individual employees. Rather, IT departments want to raise awareness and point out dangers, not punish people. This is why the CASB pseudonymizes users.

Managed security for SaaS applications

Is the trend towards working from home giving you a headache? Then you are in the same boat as many security experts in German IT departments. I understand. It's simply easier to implement security, compliance, and governance within the walls of the company. The Hans Böckler Foundation reports that in January 2021, almost a quarter of the workforce in Germany worked primarily or exclusively from home. And: the trend toward mobile working will continue even after the pandemic.

Thankfully, the CASB service also has an eye on mobile workstations. Our Cloud Protect Pro managed service, for instance, not only analyzes shadow IT, but also monitors cloud applications such as Office 365, Dropbox, and Salesforce – applications that guarantee smooth collaboration. To do this, the tool evaluates employee activities and file movements to the various cloud services. No matter whether employees are working on company premises, on the road, or from home. The software service can recognize file formats, file contents, and even individual keywords, and uses a granular role concept to prevent unintentional sharing. This provides companies with an additional data loss prevention solution for their various SaaS platforms.  

White paper: IT Security in the Cloud Age

Risks are lurking in the cloud. That is why it is essential to have a holistic security concept. What are the key aspects of a cloud security strategy? 

About the author

Paul Schöber

Offering Manager , T-Systems International GmbH

Show profile and articles

You might also be interested in:

Do you visit t-systems.com outside of Germany? Visit the local website for more information and offers for your country.