Shadow IT is making data loss prevention near impossible. With new security regulations on the way, finding unauthorized apps and devices and plugging data leaks within cloud services is a big concern for companies. Here are some solutions.
Shadow IT has made finding and plugging data leaks within cloud services incredibly difficult. Of course, shadow IT—or the unauthorized use of apps and devices with access to an organization’s IT network, including employees’ personal phones, laptops, and tablets—has been a lightning rod for discussion for some time now. The problem just won’t go away.
It almost sounds reasonable that tech-savvy employees unwilling to wait for approval or server maintenance would work out their own solutions to IT-related problems, but a business, company, or government agency with that many risky entry points becomes a hotbed of security concerns. As employees share, store, and upload corporate and personally identifiable data to easily breached cloud environments, organizations must learn how to monitor and control that information flow.
And with both the European Union’s General Data Protection Regulation (GDPR) and New York State’s 23 NYCRR 500 (NYCRR) about to launch in 2018, enterprises can no longer ignore necessary data loss prevention (DLP) policies to protect customers and themselves against accidental or malicious breaches—at the risk of substantial fines and reputational damage.
There are several effective solutions to lock down cloud DLP. One of them is a Cloud Access Security Broker (CASB), an in-line proxy server or gateway service that offers a single point of control for pushing security policies where employees may be mobile or remote, devices are both approved and unauthorized, and cloud services have varying security and global compliance capabilities. Several CASBs offer audit logs and compliance reports, and can help enforce enterprise DLP strategies related to access, authentication, authorization, and encryption.
Many CASBs integrate with Cloud Data Protection (CDP) solutions, which offer pre-built templates that can automatically identify sensitive data and allow CISOs to define DLP strategies. For example, eperi Gateway comes with several templates right out of the box, with preconfigured settings fine-tuned for Microsoft Office 365, Salesforce, and more third-party services. It allows enterprises to develop and implement procedures like enabling or restricting data access based on location or the time of day, and, crucially, it encrypts sensitive data uploaded to the cloud, such as social security numbers, credit card numbers, and health information, rendering that information unreadable in the case of data loss.
Of course, one of the simplest ways to deal with shadow IT is awareness and control. Survey employees and consider if they are accessing data on unauthorized devices or using technology that promotes risk. Put out policy memos and communicate to every department that no equipment will be added to the network without first going through formal procedures. If people ignore memos, personally speak with departments and individuals about their tech requirements. If you need to keep employees from opening sensitive data on personal devices or when they are overseas, clearly communicate that and enforce it.
By 2020, one-third of security breaches will be due to unauthorized apps and devices, according to Gartner. To save the bottom line, your reputation, and customer and company data, cast a light on shadow IT.