AST Digital Magazine August 2017 Digital-Aug | Page 46

Volume 15, August 2017 Edition

Defending against Shadow IT with Cloud Security Best Practices

With so much sensitive data in the cloud, the recent rise of insider threats is even more troubling. This is a problematic risk for many companies, as these insider threats are often based on negligence and are difficult to detect.

An important element of these threats relates to the use of Shadow IT, which is when employees procure unapproved cloud services without the knowledge of their IT department.

It is estimated that 90% of cloud service usage falls into this mysterious category.

While using unauthorized cloud services may seem harmless, Shadow IT poses a threat because the average employee does not apply the same level of scrutiny when analyzing the security of a cloud application.

(Over 500 enterprises including Aetna, DIRECTV, General Mills, HP, and Western Union use Skyhigh to gain visibility, manage threats, ensure compliance and protect corporate data across shadow and sanctioned cloud services. Courtesy of Skyhigh, the leading cloud access security broker (CASB), and YouTube)

IT security departments perform a much more rigorous security assessment by weighing the built-in security capabilities and risks of the cloud service before sanctioning it for corporate-wide use.

While Shadow IT is nothing new, the advent of cloud-based Shadow IT and its negligent use have certainly made life difficult for IT security departments.

However, with proper cloud governance strategies, organizations can unlock the full benefits of the cloud without having to worry about putting corporate data at risk.

1. Visibility

Effective cloud security and governance begins with having complete visibility over which services are being used by employees.

This can be achieved by understanding how many cloud services are in existence (not an easy task) and what their URLs are, and then using a combination of security tools to block or allow their use based on their security risk rating.

The security risk rating should take into account things like whether the cloud service provides data encryption at rest, whether it takes ownership of the data uploaded to its cloud, whether it deletes user data upon account termination, etc.

Aside from providing transparency into the cloud services used within an organization, gaining granular visibility also has the benefit of accelerating cloud service adoption.
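
The visibility step described above, sketched as an added example (not code from the article or from Skyhigh): it inventories cloud services from web-proxy records, rates each on the three attributes the article names, and marks services missing from the catalog for review. The hostnames, log format, weights and blocking threshold are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed: host -> (service, encrypts_at_rest, claims_ownership, deletes_on_termination)
CATALOG = {
    "files.example-share.test": ("ExampleShare", False, True, False),
    "notes.example-pad.test": ("ExamplePad", True, False, False),
    "crm.example-corp.test": ("ExampleCRM", True, False, True),
}
SANCTIONED = {"ExampleCRM"}  # constructed: services IT has approved
BLOCK_AT = 5                 # assumed threshold on the 0-9 score
SAMPLE_LOG = [  # constructed records: time user method url bytes_uploaded
    "2017-08-01T09:00:01Z alice POST https://eu.files.example-share.test/upload 52000",
    "2017-08-01T09:02:10Z bob POST https://files.example-share.test/upload 1000",
    "2017-08-01T09:05:00Z alice GET https://notes.example-pad.test/n/1 300",
    "2017-08-01T09:06:00Z carol POST https://crm.example-corp.test/api 800",
    "2017-08-01T09:07:00Z dave PUT https://paste.unknown-tool.test/new 4096",
    "truncated line",
]

def risk_score(encrypts, owns_data, deletes):
    # Assumed weights: no encryption 4, ownership claim 3, no deletion 2.
    return 4 * (not encrypts) + 3 * owns_data + 2 * (not deletes)

def lookup(host):
    # Match the host or any parent domain, so regional subdomains still resolve.
    labels = host.lower().rstrip(".").split(".")
    hits = (CATALOG.get(".".join(labels[i:])) for i in range(len(labels) - 1))
    return next((h for h in hits if h), None)

def discover(log_lines):
    seen = defaultdict(lambda: {"users": set(), "bytes_out": 0, "attrs": None})
    for line in log_lines:
        f = line.split()
        host = urlsplit(f[3]).hostname if len(f) == 5 and f[4].isdigit() else None
        if not host:
            continue  # malformed record or URL without a host
        name, *attrs = lookup(host) or ("unrated:" + host,)
        seen[name]["users"].add(f[1])
        seen[name]["bytes_out"] += int(f[4])
        seen[name]["attrs"] = attrs or None
    report = {}
    for name, s in seen.items():
        score = risk_score(*s["attrs"]) if s["attrs"] else None
        action = ("allow" if name in SANCTIONED else "review" if score is None
                  else "block" if score >= BLOCK_AT else "allow")
        report[name] = {"users": len(s["users"]), "bytes_out": s["bytes_out"],
                        "score": score, "shadow": name not in SANCTIONED, "action": action}
    return report
```

Calling `discover(SAMPLE_LOG)` returns one entry per service with its user count, uploaded bytes, score and block/allow/review decision.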