If you've ever wondered what the single most effective trigger is to make the blood pressure of IT and compliance professionals simultaneously skyrocket, the answer is simple: mention the term Shadow IT and see what happens.
And to be completely honest, as a cyber security expert my blood pressure is equally as spiked. The mere thought of highly confidential corporate assets being uploaded to some rogue cloud platform completely unknown to the powers that be within an organization is frankly terrifying.
All terror aside, the greatest question to be asked is why do so many employees turn to external cloud platforms in the first place—I’m not sure anyone will like the answer. It all comes down to one single factor: IT cannot deliver the same experience, convenience, or ease-of-use as big cloud providers.
But before anyone thinks that this is some sort of insult, it's far from it. It's actually far more about what people expect of IT departments paired with their own outside influences and habits, and why those expectations are completely unrealistic.
Let's take DropBox as a perfect and typical example of a cloud platform that is considered by many as "Shadow IT.” I'm sure that in our personal lives, the majority of us use this platform or something just like it—and why wouldn't you? From its super slick and easy drag and drop functionality, to its ubiquitous connectivity on any and all devices, the idea of having access to all your files at all times is downright amazing. And it is amazing; however, not to IT and compliance professionals, and for good reasons.
Here's where reality and expectation collide. When you consider the power of personal habits combined with modern technological convenience, the expectations of what can and should be the norm vastly changes. However, that same set of habits and convenience—something that most definitely influences how people also expect to work—rarely aligns with that of the corporate environment.
That said, if people have expectations and habits that work for them, that also make them more productive, by nature people are going to gravitate towards external solutions, regardless of what their employer says. Pair that with IT not being able to accommodate certain "expected" IT needs, and suddenly their jobs, associated projects, employee reviews, and even bonuses are placed in jeopardy. In short, IT may very well be out-of-sync with the perceived reality of the daily grind.
So why can't IT just catch up? After all, if it's nothing more than a free app, and the IT folks are super smart, can't they just spin something up quickly? No, and here's why.
Go to your IT department and ask them to build you the exact equivalent of DropBox. Sound reasonable? No it does not. Let's not forget that even in the early days of the now famous cloud platform, DropBox was given a $10 billion valuation right after it raised $1.1 billion in an initial investment round. So, unless someone is willing to spin up a company-within-a-company and throw 1.1 billion dollars at IT for a new cloud “project," the reality is that IT can't and will never be DropBox.
So if IT can't compete with the outside world—because they are busy doing real work that drives their own company—then what is the alternative? It's actually easy: embrace what many refer to as Shadow IT.
And if that sounds like the old adage of if you can't beat 'em, join ‘em, you are absolutely right. But with one monumental difference. In the case of joining them, it must be on one's own terms, ensuring that whatever cloud platform is being used that it is secured and monitored at all times.
This means creating a Shadow IT and cloud application control strategy, being able to support and guide employees in proper usage, and restricting access to certain corporate data—welcome to your new world of Data Loss Prevention (DLP), Cloud Access Security Broker (CASB), Identity Access Management (IAM), and more.
Cloud applications with all their ease-of-use and convenience aren't going anywhere. Aligning your cyber security practices and taking a holistic and complete cyber resilience stance on all aspects of IT will make for a happier workplace, a more productive workplace, and a place where the blood pressures of IT and compliance can remain at normal and acceptable levels.
Calian Cyber Security eBook - The worst passwords of 2020
How to Avoid Becoming the Next Cyber Crime Victim
November 26, 2020 | Bill Dunnion
This is all about your employee’s stolen identity
Everything in the modern age is digital—and of course you all know that. However, most people rarely contemplate what data is circulating around out there in the ether. Take one step further down the rabbit hole and apply that to personal data...
November 24, 2020 | Vanessa Howard
Virtual, Traditional, or Hybrid EOC What do you need to achieve?
An emergency operation centre (EOC) should enable people to respond to and plan the recovery from an emergency as effectively as possible. This is true of a brick and mortar EOC, a virtual EOC, and of a hybrid model. While there are...