How to Control Shadow IT

Controlling Shadow IT was much easier in the past: you could just block ports and call it a day. But that shotgun approach to blocking cloud apps is no longer a practical answer. You can’t support business needs without cloud services. Strategically deploying control is crucial, but enforcing new policies can be problematic with employees who’ve come to expect a fast and easy workflow using cloud apps.

When you start with monitoring, you can eventually build policies around your cloud apps and control around their usage. The right solution shouldn’t require rearchitecting your IT systems. Choose a solution that’s easy to deploy, doesn’t break existing systems and keeps most people happy. Controls can be implemented to varying degrees using these approaches, which define each Cloud Access Security Broker (CASB) solution:

  • API: cloud-native, app specific, no visibility into Shadow IT
  • Proxy/Gateway: can be on or off-premise, primarily for controlling any traffic
  • Network based: on-premise or hybrid models,  provide for discovery & visibility and some control
  • Hybrid: a mixture of the above options.  Network & API, Proxy & API, etc.

Each method has its pros and cons. Even more, each CASB’s approach will impact the user experience differently. For example, forward proxies and on-premise solutions might require users to connect to a cloud app via VPN  or place a browser extension on a mobile device, but they can also be used for any number of cloud apps. Whereas CASBs that integrate directly with cloud providers don’t need a VPN to secure corporate data, but they are limited to those apps where there is an existing integration.

The new cloud apps that appear each day continuously fueling Shadow IT poses the biggest challenge of all. Despite what some CASBs claim, a “one size fits all” approach using proxies or APIs won’t single-handedly deal with the entirety of the Shadow IT problem.  

Doing nothing isn’t an option

Some IT leaders are afraid to move forward because they find themselves stuck in the middle of a dozen competing interests. The multitude of solutions, abilities and features get muddled together through a barrage of marketing messages. And, to cap things off, the Shadow IT problem is only getting worse!  So despite the challenges, 2016 is the year IT leaders must take action. Gartner predicts that by the end of this year, 35% of enterprise IT expenditure will go to Shadow IT resources. As a recent Network World article states:

“IT must figure out how to deliver vetted solutions that users will actually choose to use, either because the products and solutions are so awesome or because IT is able to convince users that the things IT cares about are so dang important that users should accept a second-class experience in order to stick with them.”

The latter approach hasn’t been very successful, which is why cloud app use in business has proliferated despite IT leaders’ best efforts. Make 2016 the year that you start paying attention to the risks of Shadow IT, even if you aren’t ready to address them.