The shadow IT challenge: closing the security gap
BYOD, once a rarity, quickly became a trend, and is now commonplace. Following the dramatic rise in BYOD, IT has seen the growing popularity of BYOA (applications), BYOC (cloud), and BYOS (storage). The possibilities are endless, challenging IT to keep pace with all the new technology coming into the workplace whilst ensuring that security is not compromised. Blocking every non-approved application would solve the problem, but that is simply not an option in today’s employee-centric, mobile environment. Instead, CISOs are leading the way in finding alternatives to close the security gap — or what is known as the “shadow IT” challenge.
“Shadow IT” refers to applications that exist in an IT infrastructure without having passed the normal IT processes intended to ensure security and functionality. Generally installed by end users, these applications may range from health trackers to IT services not provided by official IT resources. On personal devices, the user reserves the right to download any application. For corporate devices, however, the responsibility falls on IT to ensure that all applications are tested and deployed as appropriate. Given the speed of innovation, even large IT departments sometimes find themselves falling behind the adoption curve on the latest trends.
The consumerisation of IT
Cloud has opened the floodgates of change in how employees work, and the consumerisation of IT continues to push personal cloud applications into the enterprise. If enterprises do not embrace the speed of the end user and adopt new technologies that will simplify processes and enable greater productivity, employees will increasingly turn to shadow IT applications outside of the corporate network. Employees can download apps and be up and running in minutes, and apps that incorporate business data and integrate with existing enterprise applications can be installed without IT involvement. This activity can put organisations at risk of cyberattacks and malware infection in ways that IT cannot predict, and it denies IT the ability to monitor and control application use within the enterprise.
However, if organisations make use of the cloud as a way to improve productivity, why don’t they also turn to cloud-based services to protect users from the dangers that go along with the new app economy? A lot of enterprises are stuck in the old model, in which they believe that there is a control mechanism they can put around their networks and data centres that makes them more secure. As a result, a lot of traffic and many services now sit outside of the data centre fortress and corporate policy, putting the organisation at risk.
Going from “block or allow” to “manage and monitor”
Rather than prohibiting applications, CIOs and CISOs must find alternative ways to close security gaps, and IT must go from a “block or allow” model to “manage and monitor.” The means to do so is in the cloud. The cloud is not only allowing end users to become more agile, but it is enabling business agility as well. Businesses should take advantage of the productivity benefits of cloud-based services, including the Internet Security Platform, and welcome the transformation to cloud. Though it is disrupting established business models, it is introducing opportunities for better security and visibility, a reduction in costs, and future readiness.
Whilst traditional solutions are failing to keep up with the new cloud norm, taking advantage of the cloud allows businesses to keep pace in a rapidly evolving market. Network data, provided by cloud services, will help businesses understand employee behaviour and, in doing so, CIOs and CISOs can support the cloud apps that employees choose in a manner that doesn’t expose the company to unnecessary risk.