ManagedMethods
  • Products
  • Free Trial
  • How It Works
    • Data Privacy
    • FAQs
  • Supported Apps
    • G Suite
    • Office 365
    • SaaS
  • Use Cases
    • Cyber Safety & Security
    • Data Security
    • Phishing & Malware Protection
    • Account Takeover Prevention
    • Student Self-Harm Detection
  • Customer Success Stories
  • Resources
    • Blog
    • Events & Webinars
    • Success Kits
    • More Resources
  • Company
    • In The News
    • Partners
    • Resellers
    • Careers
  • 1 (303) 415-3640
  • SUPPORT
  • CONTACT
  • Products Free Trial

    Who Takes the Blame for Shadow IT?

    August 16, 2016

    If an employee fouls out, they probably didn’t have bad intentions. They wanted to get a job done and made a mistake. Employers are often less innocent. Allowing Shadow IT to proliferate is a gamble whose  risks outweigh the savings of doing nothing. As Shadow IT grows, there is a good chance that they will lose the gamble – it’s just a matter of time. To prevent an impending security issue, there are a variety of strategies, each with cost and benefit tradeoffs:

    Use of Cloud/SaaS apps like Google Apps, Office 365 and Dropbox are nearly ubiquitous  and are essential for businesses of every size. The benefits of these apps are clear, but the risks they create is a growing concern. Untrackable, unsanctioned cloud use is the unintended consequence of cloud use. Security is undermined with the growing risks created by Shadow IT. The question is: between the IT department and non-IT employees, who should be responsible for Shadow IT?

    Hot potato

    While IT departments have made their voices clear that cloud security is important, they don’t often practice what they preach. IT departments used to be the gatekeepers of tech, but cloud apps opened those gates. Attempts to lock down networks often result in increased efforts by employees to bypass the IT department, causing increased tension and risks.

    Due to limitations in existing security solutions, the choice is to either overcontrol/block everything or pass off the responsibility. A cloud-specific security solution could provide the best of both worlds but might be financially out of reach. If additional resources for cloud security aren’t available, the only option is clear: open the gates and hope for the best.

    With existing firewall technology the gate itself is protected, but each employee is responsible for what passes through it when they use cloud apps. This means that employees can mistakenly invite in strangers by leaking access credentials, or they can leave sensitive client data on unsecured apps. If an employee decides to download everything from the shared drive, this unusual behavior would go unnoticed. Employees can do whatever they want in cloud apps, even if it’s not in their employer’s best interests.

    Shooting the potato into your foot

    The only glimpse of Shadow IT most businesses see is when something bad happens, and then everyone reacts. If someone behaves in a way that makes the IT department and executives notice, there’s a good chance that whatever happened has irreversible consequences. Who takes the blame?

    Cloud app policy breaches are two sides of the same coin. Of course, employees should behave responsibly with new technologies, but employers share the blame. When employers allow Shadow IT to grow, they demonstrate a lack of responsibility with cloud apps every day. To point fingers when the inevitable happens benefits no one.

    Strategy Cost Effectiveness
    Educate employees on comprehensive policies for data governance and compliance Existing personnel time. Good. Should be mandatory for every business, but places all responsibility on the employees
    Increase security, control sensitive data, improve compliance, centrally manage data protection through IT department Existing internal technology and personnel time. Better. Putting the control back into IT’s hands can create tension, but reduces risk.
    Deploy a cloud-specific security solution and manage all cloud activity through IT Price of new technology and time for IT personnel implementation and training. Best. Defining a scope and putting financial resources behind a security solution benefits all personnel.

    Instead of waiting for the inevitable to happen, businesses can shed a light on Shadow IT without breaking the piggy bank and annoying users. Cloud specific security solutions created with the midmarket in mind means cloud security is becoming more affordable, easier to deploy and less obtrusive to users.

    Written By: David Waugh

    Share this post

    CLOUD SECURITY INSIGHTS

    Get the latest cloud security insights delivered straight to your mailbox

    GET YOUR FREE TRIAL TODAY!

    Experience visibility and control with cloud security made easy. Start securing your organization’s cloud data!

    Start Your FREE Trial

    Categories

    • Account Takeover (2)
    • Cloud Access Security Broker (CASB) (35)
    • Cloud Risk Management (5)
    • Cloud Security (28)
    • Customer Success Stories (12)
    • Data Loss Prevention (11)
    • G Suite for Education Security (13)
    • Google Cloud Security (10)
    • Higher Ed Cloud Security (4)
    • In The News (107)
    • K-12 Cloud Risks (3)
    • K-12 Cloud Security (18)
    • K-12 Cyber Safety (9)
    • K-12 Cybersecurity (19)
    • K-12 Hybrid Learning Security (4)
    • K-12 Remote Learning (17)
    • Office 365 Cloud Security (7)
    • Product Updates (10)
    • SaaS Security (26)
    • Student Data Privacy (7)
    • The K-12 Tech Experience Podcast (2)

    Related Articles

    Aug 30, 2017 - SaaS Security

    Cloud Email: the obvious next step in cloud security

    Read More
    Jun 6, 2017 - SaaS Security

    Attention: IT has Moved to the Cloud. Why Hasn’t Security?

    Read More
    May 4, 2017 - SaaS Security

    Yesterday’s Google Docs Phishing Scheme: OAuth as an Attack Vector

    Read More
    • How It Works
    • Supported Apps
    • Use Cases
    • Partners
    • Resources
    • Company
    • Terms of Service
    • PRIVACY POLICY
    • Twitter
    • Linkedin
    • Youtube
    ©2020 ManagedMethods - Enfold WordPress Theme by Kriesi
    • Twitter
    • Linkedin
    • Youtube
    • Instagram
    • Facebook
    • How It Works
    • Supported Apps
    • Use Cases
    • Partners
    • Resources
    • Company
    • Terms of Service
    • PRIVACY POLICY
    The Future of Hacking is Predictable What did your corporate data do in the cloud last night?
    Scroll to top