As more organizations see the benefits the cloud can offer, enterprises are eager to implement cloud migration strategies. By next year, Gartner forecasts that 75 percent of organizations will take the next step and deploy a multicloud or hybrid cloud model to meet their IT needs. As with any major IT shift, there are several common pitfalls that organizations fall prey to during the adoption process. What’s the highest risk for security? Shadow IT.Shadow IT is the phenomenon whereby
employees who are not getting what they need from their own IT department set
up storage or compute infrastructure at a public cloud provider and deploy
applications or store data in the cloud.Falling into the Shadows
Make no mistake, shadow IT can make
your organization vulnerable. Not surprisingly, this means the first reaction
of most CIOs is to shut it down – but this can be harder than one might think.
There will always be a risk of employees going rogue and sneaking in the
technology they believe makes their jobs easier.Therefore, it’s important for
enterprises to familiarize themselves with – and prepare to face the risks of –
shadow IT, including:
Security: Enterprise data is scattered through hundreds of unsupervised apps and thousands of uncontrolled devices. It’s increasingly difficult to manage and maintain a strong network-first security strategy when there are unknown environments being utilized by employees.
Integration: With dozens, or even perhaps hundreds, of different clouds, how do you get them to work together?
Compliance: Enterprises have little to no control over what is happening in the shadow IT world.
Cost: Spending can easily get out of control when not monitored from a central point. 30 percent of technology spending occurs outside of IT’s control, and that number will only continue to grow.
When employees deploy their own clouds,
they don’t necessarily have the skills or tools to make sure the deployment is
secure, let alone maintain good security hygiene through proper patch
management and vulnerability updates. Furthermore, cloud instances are frequently
forgotten, as projects conclude or whatever web servers were deployed become
outdated. The company risks a data leakage or an intrusion because of an attack
surface the IT department did not even know existed.A Light in the DarknessWhile it’s very clear that shadow IT
presents serious security challenges, it’s not an inherently bad thing that
needs to be completely repressed. When employees get to choose their devices
and apps, productivity can go way up. They can adopt the latest technologies
faster than IT ever could and drive innovation by more agilely responding to
market shifts. This is why CIOs are realizing that they — and their
organizations—can actually benefit by coexisting or even embracing shadow IT.Shadow IT can also provide enterprises
with a coveted edge in attracting and retaining highly sought-after talent. The
ability to choose and use desired systems is a real draw for IT pros.
Organizations that wish to sweeten the pot for potential employees would be
wise to consider seizing the opportunity shadow IT presents.How to Successfully Integrate Shadow ITIt’s important to recognize that IT
staff is always under pressure and stretched thin to deliver on business
transformation initiatives. With shadow IT here to stay, enterprises need a
strategy to include it in their cloud adoption journey.For IT to retain any control over the
security posture of the entire network presence, they must provide templates
and tools that would enable a secure deployment. For example, deploying a new
VPC should:
Automatically deploy a virtual
firewall with all the necessary configurations to restrict access to the VPC to
known sources
Secure the campus to cloud connection
with a site to site VPN
Add the newly acquired IP addresses to
a scanning solution to make sure the VPC never deviates from an acceptable
posture
When planning a move to the cloud,
it’s crucial that enterprises recognize and plan for potential pitfalls – shadow
IT included. While these obstacles certainly come with their own sets of unique
challenges, enterprises that find ways to use them to their advantage will come
out on top.Organizations must essentially decide
to either cut out shadow IT altogether or integrate it. It’s a critical decision
that requires both a look inward at the company’s current security posture, as
well as a look forward at what it should be. Whatever the ultimate choice,
understand the risks and potential rewards to avoid falling prey to this silent
killer.
An In-Depth Guide to Cloud Security
Get essential knowledge and practical strategies to fortify your cloud security.
Attackers are leveraging Amazon SES, a legitimate and trusted service, to send malicious emails that bypass authentication checks like SPF, DKIM, and DMARC.
