If you think your business has no shadow IT problems, you are denying reality. Immediately you feel you know the whole range and you can't control it alone with cloud security tools. The above conclusions are based primarily on IT specialists who expose the shadow it issues within the enterprise, as well as vendors selling cloud security tools.
In this context, shadow it involves the cloud services deployed by end users within the enterprise, without any help or approval from the enterprise IT department. According to a survey conducted by cloud consulting firm 2nd Watch in December, the problem has become the key to business, with 133 of IT experts involved in the survey.
Based on the content of the survey, we found that most business units in the Enterprise (61%) bypassed it to access cloud services. In addition, although IT departments have some requirements for delivering cloud services to business units, their 74% response delivers only 37% of the entire service used by the enterprise.
Cloud security tools can only be exclaiming
Cloud security tools are useful sooner or later, but not the only solution for discovering services that might put enterprise IT security into service.
"We don't want bottlenecks or innovation," says Ignacio Mcbeatch, an operations manager at a financial services company in New York. "But at the same time, we want to make sure that we're using enterprise-class services and have applied security policies." ”
Mcbeatch purchased a product from a California cloud security software provider, Skyhigh NX, to assess how many services were used without it knowing, and found 562 unauthorized services detected.
These services are sourced from a variety of sources, including personal applications, such as Gmail and Facebook, to Google Analytics and infrastructure-services offerings from Amazon Web Services, Internap receptacle services, and Rackspace. There are a lot of software that is running as a service instance.
Skyhigh's software suite also allows companies to set up security frameworks around all services in the environment, whether or not it is used entirely alone. However, even experienced it practitioners will find it difficult to uproot the shadow it in the business and use software or professional services alone.
The Softchoice company provides professional services to assess shadow it questions that exist in the client's organization, and soon begins to analyze it in its own organization after the launch of its assessment service in June 2012.
"In our environment, we think we have 17 applications, and we think we have a good understanding of all of the applications that are running," said Mike Kane, Softchoice business development manager, "after we ran the two-week assessment, we found that more than 40 services were in use. ”
Even after this assessment, there will be a separate application to the central management and security control portal, a few months later, the company found that there are still departments in the purchase of IT departments unknown external applications.
This is not just a careless, or a simple end user's easy desire to lead to shadow it; some cloud service vendors are also aggressively bypassing corporate IT departments in their business to sell their products.
"We can sell bigger systems to it, but we have a few smaller systems around it, working with business," says Rick Clarkson, Signiant's VP of Product Management, a file-sharing service provider. Slow sales cycles in it often cause the business unit to go outside and ask for help. "We have customers who have bought our products mainly because they have to wait two years before it delivers to them," he said.
Slow shadow it needs to be cleverly marketed
To uproot shadow it, enterprise it must make itself more attractive to the business unit, satisfy its demands, and defeat cloud service providers in its own game.
Softchoice's Kane said: "In fact these are communication and training, in many cases, IT staff do not have such a skill set, but these can be changed." "Softchoice from its own experience, it is necessary to provide better training in the application, and, more importantly, communication is the key to the smooth implementation of security and regulatory strategies."
A single point of entry through centralized security and management portals is an example of a new application that attracts users to the enterprise IT deployment, he adds.