Users want cloud applications and they will do anything to achieve the agility and productivity benefits that they aren’t gaining from their current (corporate) offering. What most users (and IT teams for that matter) do not realize is that many cloud services are insecure and can leave corporations vulnerable to major data exposure and risk. This phenomenon of “Shadow IT,” or the use of information technology systems and services that haven’t received explicit approval happens when IT can’t get “it” done in time. And these days, you’d be hard-pressed to find an organization that is unaffected by shadow IT.
The level of pervasive shadow IT creates new security threats and considerable waste into the enterprise with duplication of common cloud applications for storage and collaboration. CIOs don’t even have a real hold on what this means. In 2018, a typical firm had 15 to 22 times more cloud applications running in the workplace than were authorized by the IT department. In absolute numbers: on average more than 700 application in a typical enterprise.
How Mature Are Your Cloud Application Security Strategies?
As IT feels their grip slipping on security, they take their stance on the cloud maturity scale by either adopting a draconian or pragmatic security approach.
A recent research conducted by Netskope outlined three stages of maturity:
Organizations that fall within this stage of security are most concerned with discovering the shadow IT in their ecosystem. With that knowledge, they also want to assess associated risk with the applications to eventually block and redirect end-users’ engagement with non-sanctioned cloud applications to corporate (and authorized) services.
Organizations in the second stage, like their name, are focused on control. While they are more cloud-forward than Stage 1, efforts are placed on securing rollouts of IT-driven (and authorized) cloud applications. They do this by applying cybersecurity policies, processing, and Cloud Access Security Broker (CASB) technology to prevent data loss and mitigate threats.
In the most mature stage, organizations are aware of user-led applications. But instead of outlawing it, they embrace the apps by securely enabling the business value it delivers.
The research accounted that almost half of respondents were in the Stage 1 - Discoverers category and only 21 percent identified in the Enablers stage. This identification isn’t just about preferences, it directly correlates with positive business outcomes.
Cloud Applications + Mature Security Strategies = Positive Business Outcomes
It may seem obvious, but results show that it’s better to know thy enemy and embrace it, rather than fighting shadow IT and having end-users continue to use cloud apps to the detriment of the business.
To have enact more mature security strategies, organizations should:
Allow user-led cloud apps, while applying controls and policies that don’t inhibit productivity and agility
Engage with the end-user community to foster awareness and openness about apps instead of secretive use that could lead to security gaps
Convert user-led cloud usage into IT-sanctioned software-as-a-service (SaaS) apps to extend the benefits to a broader set of the company
Employ cloud security experts that can help navigate and employ the full range of CASB use cases
Doing so is proven to provide the following positive business outcomes:
Faster response to changing market conditions - Organizations that are cloud forward and embrace the agility of cloud services are more likely to innovate and expedite the delivery of new products and services to edge out the competition.
Maximized productivity and fast time-to-value - Nearly half of “Enablers” reported that user-led applications had a “strong positive impact” on end-user productivity. They were more likely than less mature organizations to meet or beat their application deployment schedules, delivering faster value to the business as a whole. As a result, end-users had a higher level of satisfaction with the speed of supplied applications and having apps at their disposal to conduct their daily tasks.
Exceeding revenue expectations - Learning from, and building off the benefits above, embracing a collaborative, cloud-enabling strategy yields very different results than discovering and obstructing apps in terms of revenue. “Enablers” have proven this by exceeding revenue expectations by nearly five percent.
Embrace User-Led Cloud Apps and the Increased Attack Surface
Shadow IT exists because IT doesn’t always have the capacity to serve every need of the business. But, instead of just listening to the advice of eliminating it all together, embrace user-led cloud apps and the accompanying increased attack surface. With discernible differences in business outcomes, it is worthwhile to mitigate cybersecurity threats, rather than shackle end-users’ productivity and agility.
Edgeworx works with customers to enable them to be mature, cloud-forward organizations by implementing security and visibility tools that not only uncover shadow IT, but develop a plan on how to secure the network and gain control over attacks.
Not sure where your business falls on the cloud security maturity scale? Let us assist you in a self-assessment and give us a call at +1.647.793.4731 to discuss how we can help you achieve “Enabler” status.