Cloud shadow IT is on the rise in most companies: individual employees, and sometimes entire departments, are using software tools that are not managed, controlled, or secured by the IT department. The result: company security and data is at high risk. But with a cloud access security broker, the problem can be handled automatically.
Have you ever translated a company presentation with DeepL? Or used Prezi for an internal presentation on a company project? And which app are you using to convert Word files into PDFs?
Many employees unquestioningly download apps or use applications from the cloud that the IT department has not approved. Security vendor McAfee reports that 53 percent of IT leaders worldwide believe that more than half of their colleagues are using applications that the IT department does not know about – that is, that it does not manage, control, or secure. According to McAfee, as many as 2,000 cloud services go unnoticed in some organizations. This creates not only additional expenses – but also a serious security problem.
This is because companies might be at risk of allowing unauthorized access to business-critical information or personal data, thus violating GDPR. After all, many free services expect information in return. In the worst case scenario, an employee could even pave the way for a hacker to enter the company.
Bans rarely work: Because we are used to downloading apps or using cloud services from the Internet as we see fit in our personal lives, we don't see the harm in doing the same in our professional lives. Employees are not seeking to harm their company by doing so. On the contrary, a Forcepoint study found that 56 percent of respondents from German companies said that these software tools enable them to complete their work tasks more easily and efficiently. Only a few are likely to know, however, that they could be inadvertently causing data leaks by doing so, which could result in their employer's intellectual property being leaked. Hardly anyone is aware that an app or cloud service has the potential to violate compliance and data protection.
So what is the best way to combat shadow IT?
How do cloud access security brokers shed light on shadow IT? The security tool analyzes log files and uses them to identify all cloud applications used in the company. The program evaluates the frequency with which employees use unauthorized cloud apps and the volume of data they exchange in the process. The security tool categorizes the cloud solutions and evaluates the potential risk of the respective SaaS services. As soon as it detects a danger, it blocks the service in question and offers secure cloud variants or, as a first step, informs the employee of the potential risk involved in using the service. That means that companies can use a CASB to expand their controls for internal security policies to include cloud services and automatically regulate cloud usage. This is not intended to criticize individual employees. Rather, IT departments want to raise awareness and point out dangers, not punish people. This is why the CASB pseudonymizes users.
Is the trend towards working from home giving you a headache? Then you are in the same boat as many security experts in German IT departments. I understand. It's simply easier to implement security, compliance, and governance within the walls of the company. The Hans Böckler Foundation reports that in January 2021, almost a quarter of the workforce in Germany worked primarily or exclusively from home. And: the trend toward mobile working will continue even after the pandemic.
Thankfully, the CASB service also has an eye on mobile workstations. Our Cloud Protect Pro managed service, for instance, not only analyzes shadow IT, but also monitors cloud applications such as Office 365, Dropbox, and Salesforce – applications that guarantee smooth collaboration. To do this, the tool evaluates employee activities and file movements to the various cloud services. No matter whether employees are working on company premises, on the road, or from home. The software service can recognize file formats, file contents, and even individual keywords, and uses a granular role concept to prevent unintentional sharing. This provides companies with an additional data loss prevention solution for their various SaaS platforms.