Briefing Note: CipherCloud provides Shadow IT Insight

An organization’s users can now, with the swipe of a credit card, create their own IT infrastructure. The term for this is “Shadow IT” and it’s growing rapidly in organizations of all sizes. There are two steps to dealing with Shadow IT. The first is understanding why it’s a problem for the organization in general and IT in particular. The second step, once all parties have agreed they have a problem, is for IT planners to identify when and where Shadow IT is occurring.

Step 1 – Admit That You Have a Problem

When we talk to IT professionals, one of the biggest challenges we have is getting them to admit that Shadow IT is a problem, or at least helping them to understand the gravity of that problem. This is because on the surface Shadow IT can seem like a pretty good deal for organizational IT. Users taking the responsibility for their own data or applications allow stretched-too-thin IT personnel to focus on other matters. But in reality it seldom works out this way since users still need IT to help get services set up or to recover data when those services fail. More importantly, the organization has its data exposed, making protection and compliance almost impossible.

Legitimate Need

The services that users sign up for often are fulfilling a legitimate need. Users are often spending personal or their department’s money to acquire the non-approved service, so obviously it has value to them. IT just can’t “outlaw” the desired capabilities; it has to be able to provide this service in a way that meets organization’s goals, while at the same time providing the users with the capabilities that they want.

The File Sync and Share Dilemma

A good example of the legitimate need for these services is file sync and share services like DropBox. Users need the ability to synchronize data between their various devices. They also need to be able to share data with other employees within the organization or externally with partners and customers. There are several enterprise class file sync and share solutions that securely provide this capability to users while protecting the organization.

But, once the decision on an enterprise file sync and share service has been made, how does IT make sure that the chosen solution is the only solution being used? This is where CipherCloud and their Cloud Discovery Solution comes in.

Step 2 – Shadow IT Insight

With CipherCloud for Cloud Discovery it is easy to discover and categorize all of the cloud applications being accessed by the organization. The solution will identify the risk as well as provide a summary of network resource utilization by service, department or user. It features an intuitive drill-down dashboard that provides detailed information about cloud application usage. Available as a software module, CipherCloud for Cloud Discovery enables user organizations to scan network logs in-house and retain control over enterprise data.

Step 3 – Take Action

Once the various cloud applications have been identified, the next step is to take action. Here, CipherCloud has a suite of products that deliver cloud access control and data loss prevention to a variety of services including: Salesforce, ServiceNOW,, Gmail, Office 365 and Amazon Web Services. Each of these modules can encrypt or tokenize data, scan for business sensitive information, like social security numbers and credit card numbers, control which data can be shared, and monitor user traffic for anomalies.

StorageSwiss Take

Shadow IT is real and a real problem. It impacts an organization’s ability to protect data from either intentional or accidental loss. While in the short term, “self-service” IT in the form of user-initiated cloud-based services may seem like a good idea, in almost every case when that user decides to go outside the organization for an IT service, IT gets roped back in to “pick up the pieces”. A better strategy is for IT to identify the legitimate cloud needs in the environment up front and then offer enterprise versions of those solutions. Part of that strategy requires ongoing identification of unauthorized cloud use as well as the protection of data in approved cloud destinations. CipherCloud’s solutions enable those strategies.

Click Here To Sign Up For Our Newsletter

Twelve years ago George Crump founded Storage Switzerland with one simple goal; to educate IT professionals about all aspects of data center storage. He is the primary contributor to Storage Switzerland and is a heavily sought after public speaker. With over 25 years of experience designing storage solutions for data centers across the US, he has seen the birth of such technologies as RAID, NAS and SAN, Virtualization, Cloud and Enterprise Flash. Prior to founding Storage Switzerland he was CTO at one of the nation's largest storage integrators where he was in charge of technology testing, integration and product selection.

Tagged with: , , , , , , ,
Posted in Briefing Note

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 22,216 other followers

Blog Stats
%d bloggers like this: