Data from Symantec indicates that the average enterprise was using 928 cloud apps at the end of 2017, but CIOs are under the impression that their organizations only use between 30 and 40 cloud apps. As Arlo Gilbert notes in an article for InformationWeek, that leaves a discrepancy of nearly 900 apps to which CIOs are oblivious. That means it is time to reassess our faulty approaches to shadow IT. Gilbert highlights three particular ways shadow IT strategy could be going wrong:
- Using an all-encompassing firewall
- Using single sign-on (SSO)
- Using cloud access security brokers (CASB)
Strategy in the Dark
Ostensibly, a rigid firewall sounds like a straightforward way to prevent access to unapproved SaaS solutions and other materials. And for the most part, it actually is. But the problem is that this strategy “assumes that the risk of using SaaS applications outweighs the benefits,” which is not the case anymore. Just imagine how many clients use Dropbox or equally popular cloud-based solutions, and think about how much the business stands to lose from being cut off from leveraging those solutions.
SSO is a means by which IT attempts to allow SaaS while still maintaining tight control over its usage. SSO has significant gaps, though. For instance, Gilbert finds that no SSO system will support more than 60 percent of total SaaS vendors, leaving a large share of applications that cannot be accommodated. A related problem—albeit incidental rather than endemic—is that SSO can instill a false sense of security, leading to lax practices in other aspects of security. The bottom line is that SSO is helpful, but it is not a complete solution.
Finally, about CASB, Gilbert writes this:
In this scenario, a company enlists a CASB to go to a major SaaS app – say Salesforce. They ask Salesforce to restrict access to a single IP address from their data center, then set up the DNS in their corporate network so that any time someone goes to salesforce.com, it redirects them. They then proxy the data through their firewall and various encryption and decryption systems to gain deep visibility into any nefarious activities and protect themselves from the dangers of shadow IT.
Like SSO, CASBs work, but they are also an incredible amount of work to implement. … CASBs also struggle with the same challenges as SSO solutions…
He concludes by saying, in essence, that IT must embrace (but also monitor) shadow IT for the sake of continuing to enable innovation. This is all well and good, but it is not exactly a robust answer to the increasingly serious problem of cybersecurity. What would you recommend to strike a balance between freedom and security?
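The 928-versus-40 gap only becomes visible when something actually counts the SaaS domains being reached, which is the visibility that the proxy-based CASB setup above is meant to provide. The following is an added example, not code from the article or its author: it reads constructed web-proxy log lines, maps each hostname to a SaaS app, and reports which apps fall outside the sanctioned list and which the SSO provider cannot federate. The sanctioned list, the SSO coverage list and the hostname-to-app catalogue are all assumptions for illustration.

```python
from collections import Counter
import re

# Constructed sample proxy lines: timestamp, user, destination host, bytes out.
PROXY_LOG = """\
2017-12-01T09:02:11Z alice login.salesforce.com 4120
2017-12-01T09:05:43Z bob www.dropbox.com 882013
2017-12-01T09:06:02Z alice api.dropbox.com 15010
2017-12-01T09:11:19Z carol app.box.com 230
2017-12-01T09:12:57Z dave drive.google.com 51000
2017-12-01T09:20:40Z bob wetransfer.com 7400000
2017-12-01T09:31:05Z erin app.slack.com 1200
"""

# Assumed inventories: what IT believes it has approved, and what the SSO provider can federate.
SANCTIONED = {"salesforce", "box", "google-drive"}
SSO_SUPPORTED = {"salesforce", "box", "dropbox", "slack"}
# Assumed hostname-suffix -> app catalogue (a CASB or threat-intel feed would supply this in practice).
APP_CATALOGUE = {"salesforce.com": "salesforce", "dropbox.com": "dropbox", "box.com": "box",
                 "drive.google.com": "google-drive", "wetransfer.com": "wetransfer", "slack.com": "slack"}
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+)$")

def app_for_host(host: str):
    """Longest-suffix match so drive.google.com is not swallowed by a shorter catalogue entry."""
    best = None
    for suffix, app in APP_CATALOGUE.items():
        if host == suffix or host.endswith("." + suffix):
            if best is None or len(suffix) > len(best[0]):
                best = (suffix, app)
    return best[1] if best else None

def discover(log_text: str) -> dict:
    """Per-app usage plus the two gaps the article's argument turns on: unsanctioned apps and apps without SSO coverage."""
    bytes_out, users = Counter(), {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # tolerate malformed lines; do not abort the whole run
        _, user, host, nbytes = m.groups()
        app = app_for_host(host)
        if app is None:
            continue  # not a catalogued SaaS app
        bytes_out[app] += int(nbytes)
        users.setdefault(app, set()).add(user)
    seen = set(bytes_out)
    return {"apps_seen": seen, "unsanctioned": seen - SANCTIONED,
            "no_sso_coverage": seen - SSO_SUPPORTED,
            "bytes_out": dict(bytes_out), "users": {a: sorted(u) for a, u in users.items()}}
```

Running `discover(PROXY_LOG)` on the constructed log reports dropbox, wetransfer and slack as unsanctioned and google-drive and wetransfer as outside SSO coverage; the per-app byte counts and user lists are what an IT team would use to prioritise which apps to onboard or monitor rather than block.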
You can view the original article here: https://www.informationweek.com/cloud/software-as-a-service/your-shadow-it-strategy-is-broken/a/d-id/1330009