Most CIOs know that employees within their organization have snuck a few applications past the IT department, but a new report from ESG indicates that they are greatly underestimating the extent to which Shadow IT has infiltrated their environments.
This new brief reveals that “65% of enterprise IT professionals report being aware of a significant or moderate number of non-IT-sanctioned cloud applications being used at their organization.” This level of widespread Shadow IT can create significant security threats and introduce considerable waste, as employees in different business lines purchase similar unauthorized apps and services for common processes like storage and collaboration.
How can CIOs and CISOs manage, support and protect what is in their cloud effectively without having a true understanding of what might be dwelling in there? If they can’t see what cloud services are being consumed, they can’t see the risk that’s being incurred.
To be truly vigilant against security threats, being held for ransom, or having data compromised, CIOs and CISOs need to “Shadow” Shadow IT.
As the comic book goes, “Who knows what evil lurks in the hearts of men? The Shadow knows.” We are not saying that the people who are skirting IT protocol to enable their teams with the apps and services they need for success are evil, just that the unknown consequence of Shadow IT may very well turn out to be.
To become the “Shadow,” CIOs and CISOs will need to leverage continuous monitoring and automation.
Continuous monitoring is the ability to maintain ongoing awareness of information security, vulnerabilities and threats. Setting up continuous security monitoring and policy controls is no easy task for organizations with a large cloud infrastructure, especially when so many services are lurking in the shadows. Start by prioritizing what information would be the most valuable to potential attackers and investigate ways to continuously surveil and assess these systems.
Embrace automation wherever possible. Automation tools enable complete visibility into cloud infrastructure while fortifying what has been configured in the cloud with security best practices. As a bonus, automating security controls and risk remediation can free up time for your team to educate the rest of the company on the importance of IT protocol and the dangers of Shadow IT.
To find out more about how our technology can empower you to solve this problem, visit our website. ESP provides a single-pane-of-glass view of all of your AWS accounts, regions and services in one easy-to-customize dashboard. By consuming all of Amazon’s APIs, ESP can detect and reveal accounts that may have been lurking in the shadows, alert security teams to configuration changes and policy violations, and provide a path to remediation.