Say ‘Yes’ to Cloud Apps with the Right Protection

January 29th, 2016

It’s not a question that by this time, bring your own device (BYOD) work policies have become one of the core security considerations to implement across an entire company. Since employees increasingly gravitated towards accessing company information using their personally-owned devices, businesses have had the inevitable decision to deliver proper BYOD security policies.

What’s emerged and evolved since then, is that now, we’re seeing more employees wanting to use the same cloud apps for work that they use in their daily lives. According to a recent IBM study of 1,000 employees at large organizations, 1 in 3 employees frequently use both their corporate and personal accounts to access third-party, cloud-based apps.

Other findings from IBM’s study:

  • Milllennials use third-party cloud-based platforms in greater numbers. More than half of this growing generation — who will make up half of the worldwide workforce by 2020 — use cloud services to work.
  • One in four employees uses their company credentials to access cloud-based platforms.
  • Employees know they are violating company policy. More than half of employees agree it is a violation of their company’s security guidelines, and yet continue to use external, cloud-based apps.
  • The top three reasons employees use external-cloud based platforms are: to increase access, to enhance job performance, and convenience.

The problem is that most organizations only have visibility into a fraction of third party apps employees use for work, therefore lacking the ability to securely manage the data they upload and share. These applications and their use by employees or business departments outside of traditional channels is commonly referred to as “Shadow IT.”

The implication of this issue is that the rise of Shadow IT puts companies’ most sensitive data at risk. As an example, when employees leave a company, they may very well still have access to lists of sales contacts — uploaded to an outside file-sharing app that could be accessed through personal phones.

Like most problems in IT and security, however, these exposures also create an opportunity for organizations to strengthen their organizational controls and risk posture. We need to be careful to avoid a knee-jerk reaction, and ensure companies get behind a real solution. Instead of trying to fight the trend, businesses should embrace workforce demands and leverage the promise of cloud without compromising on the levels of security, data privacy and risk management.

Organizations need to seriously consider adopting new technology that enables the ability to see, manage and secure the numerous third-party, cloud-based apps that employees use. These solutions are commonly called, Cloud Access Security Management.

For example, new technology, such as IBM’s Cloud Security Enforcer is the first solution to combine visibility of cloud apps with cloud identity management, which allows companies to discover apps being accessed by employees and helps provide a secure way to use them. IBM is working with several of the most popular developers of cloud-based apps widely used by workers, such as Box, to make this possible.
IBM’s Cloud Security Enforcer will allow organizations to reduce the challenges of “Shadow IT” and defend against malicious hackers looking to target vulnerable cloud-based apps. Only then, will businesses realize the true productivity and efficiency benefits of using cloud apps — without putting their corporate data at risk.

Cloud Security Superhero-2

Greg Coughlin - Director, Security Business Unit IBM Canada Ltd.

Greg is responsible for the strategic direction, client relationships and operational management of IBM’s Security business in Canada. In this capacity, Greg holds accountability for the overall signings, revenue, profit and client satisfaction of IBM’s market leading Security products, services and solutions. His team of over 200 Canadian professionals are responsible for selling, supporting and […]