It’s not a question that by this time, bring your own device (BYOD) work policies have become one of the core security considerations to implement across an entire company. Since employees increasingly gravitated towards accessing company information using their personally-owned devices, businesses have had the inevitable decision to deliver proper BYOD security policies.
What’s emerged and evolved since then, is that now, we’re seeing more employees wanting to use the same cloud apps for work that they use in their daily lives. According to a recent IBM study of 1,000 employees at large organizations, 1 in 3 employees frequently use both their corporate and personal accounts to access third-party, cloud-based apps.
Other findings from IBM’s study:
The problem is that most organizations only have visibility into a fraction of third party apps employees use for work, therefore lacking the ability to securely manage the data they upload and share. These applications and their use by employees or business departments outside of traditional channels is commonly referred to as “Shadow IT.”
The implication of this issue is that the rise of Shadow IT puts companies’ most sensitive data at risk. As an example, when employees leave a company, they may very well still have access to lists of sales contacts — uploaded to an outside file-sharing app that could be accessed through personal phones.
Like most problems in IT and security, however, these exposures also create an opportunity for organizations to strengthen their organizational controls and risk posture. We need to be careful to avoid a knee-jerk reaction, and ensure companies get behind a real solution. Instead of trying to fight the trend, businesses should embrace workforce demands and leverage the promise of cloud without compromising on the levels of security, data privacy and risk management.
Organizations need to seriously consider adopting new technology that enables the ability to see, manage and secure the numerous third-party, cloud-based apps that employees use. These solutions are commonly called, Cloud Access Security Management.
For example, new technology, such as IBM’s Cloud Security Enforcer is the first solution to combine visibility of cloud apps with cloud identity management, which allows companies to discover apps being accessed by employees and helps provide a secure way to use them. IBM is working with several of the most popular developers of cloud-based apps widely used by workers, such as Box, to make this possible.
IBM’s Cloud Security Enforcer will allow organizations to reduce the challenges of “Shadow IT” and defend against malicious hackers looking to target vulnerable cloud-based apps. Only then, will businesses realize the true productivity and efficiency benefits of using cloud apps — without putting their corporate data at risk.