On your corporate network, you probably don’t know which cloud apps are in use, by whom, and how those apps are used. These unknowns are what’s known as Shadow IT. Even though Shadow IT is pervasive, many businesses haven’t even started to tackle the problem. This is due in part to the complexity of solutions. Cloud Access Security Brokers (CASBs) will help, but they all help in different ways. CASBs have a variety of approaches to Shadow IT that make them hard to compare.
How to Decide on a CASB
A simple Cloud Monitoring tool can leverage your existing tech investments, and give you the information necessary to figure out the best way to tackle the Shadow IT problem. Discovery is the first step. These questions can help you figure out where to start:
- Do you know all of the cloud applications, sanctioned or not, that are in use in the organization?
- Do you know which employees or systems use these applications?
- Do you know the behavior patterns associated with this application usage? (volume, number of times accessed, time of day, location, etc.)
- Do you know what data is being exchanged with these cloud applications?
- Do you know if you are at risk by the use of these apps?
Once you answer these questions, you will have a direction on where to go:
- Which apps is our organization going to sanction / approve?
- What risk is associated with the use of these applications?
- Do we have a current security infrastructure in place that can sufficiently secure the use of these apps?
- If the answer to the previous question is “No”, then what level of security do we require?
With the visibility to know what is at stake, you can decide whether an API-native approach is best (for example, CloudLock) or whether a proxy gateway is required. For example, if you find only Salesforce and Dropbox in use, you can block everything else and select a vendor like CloudLock or Bitglass to deploy a SaaS / cloud-native API approach. But sometimes CISOs are happy just knowing the answers to the first five questions to gain visibility and determine risk. A solution like Cloud Access Monitor from ManagedMethods will allow you to monitor and take steps to control and enforce policy.