Security is a balancing act. If you aren’t secure enough, risks proliferate. And if you are too secure, risks will still proliferate because users will find ways around it.
As a cloud security vendor, you might think that we always try to tip the scales towards more security, but that’s not entirely accurate. When people think of IT security, they picture expensive, comprehensive systems that cost a fortune while burdening users with extra steps. As recent spy TV shows like “The Americans” and “Turn” demonstrate, in a deeply connected world, security is more about knowledge rather than bigger and better walls.
Instead of selling “more” security, we want businesses to shine a light on their Shadow IT and become more intentional and strategic about their cloud security practices. IT pros should carefully consider what cloud apps mean for their business, then take reasonable steps to harness that power. If you want to improve security without doing too much, great! Here’s an easy way to make that happen:
Shadow IT as Business Intelligence
One of the smartest decisions businesses make is when they realize there’s a blind spot in their security and decide to learn more about what’s happening. If you’ve done that, then you deserve a pat on the back! If you haven’t, then you need a splash of cold water on your face. (we’ll gladly provide the water!)
You might not know it, but employees do companies a huge service when they use unsanctioned cloud apps. Why? Because their activity will let you know where your business has strengths and weaknesses. There’s a good chance that everyone is using an app that makes collaboration and meeting deadlines easier. You might want to sanction that app and develop standard processes for use. It’s a win/win. People who only use unsanctioned cloud apps sporadically will be easy to identify and you can address the issue by providing training before an emergency happens, like the leak of a client list. Another win/win. The only guaranteed loss is if Shadow IT remains in the shadows and businesses wait for a crisis. You should be able to see cloud activity, and this knowledge should drive a strategy.
Smarter Security Practices
Businesses that never think about security aren’t very different from businesses that think security means locking everything down – they are similarly hard-headed. Cloud security exists within the context of a provider’s practices, a user’s needs, your business’s needs and regulatory requirements – that’s a bunch of variables to consider. Allow me to make a recommendation: tip the balance towards users as much as regulations allow. Otherwise, users will figure out ways around the system and create additional Shadow IT issues that are even more difficult to address. You want employees to feel comfortable enough to experiment with new apps and services while still in view. Keep in mind that their activity isn’t necessarily malicious, and often, they are doing you a favor. You can leverage the cloud security intelligence gathered in step one to improve your security, operational efficiency, and regulatory compliance.
Cloud monitoring and intelligence is all most businesses need. No bridge burning, lockdowns, cumbersome barriers and restrictive policies necessary.
See how we make Cloud Security Easy: Watch this brief video and then request your free trial.