There are a number of reasons why employees use non-approved SaaS applications, and there are very good reasons IT wants to limit it. To reach a point where both sides are working together, it’s important to understand both perspectives.
Through the business lens: Employees look to drive results first
Organizations are in very competitive environments with demanding business objectives and far-reaching goals. Employees are under intense pressure to deliver results and often turn to non-approved apps to help them do their jobs quicker and more effectively.
Here are some of the common responses employees give when asked about shadow IT:
“I’m just more comfortable using a different app from the IT approved one. I don’t want to have to relearn a new program just to do the same thing”
“All of my external partners use a different app for file transfer. I can’t make everyone start using our solution, so I need to be able to use what they use.”
“The timelines on this project just don’t allow for the time it takes to get IT approval. It’s faster for me to just download and install the app myself.”
While they may have good intentions, many employees don’t fully understand the security risks associated with using non-approved applications, devices, or networks.
Businesses need to have visibility and control to ensure data compliance.
Through the IT lens: Shadow IT creates blind spots that can increase risk
Shadow IT creates a difficult challenge. Organizations expect IT to empower employees to do their jobs more effectively, while at the same time ensuring the security and compliance of sensitive data.
Without a detailed picture of the SaaS apps employees are using, IT cannot provide this security. On the other hand, blocking shadow IT inevitably leads to employees finding ways around the restrictions.
Some of the concerns IT teams encounter when faced with shadow IT are:
“I need to keep our organization’s data safe. If I don’t know what employees use or how they use it, those unknowns seriously jeopardize my ability to do so.”
“We have an approval process in order to reduce security compromises. Before we approve an app, we have to test and vet each app to ensure it meets not only our organizational requirements, but any industry regulatory or compliance requirements.”
While complete visibility might never be attainable, there are certainly steps IT can take to more effectively manage the blind spot shadow IT creates. One of those steps is to consider a Cloud Access Security Broker.
Cloud Access Security Brokers offer a compromise
A Cloud Access Security Broker (CASB) is a technology that helps you meet the needs of both IT and the business. It helps reduce the risk non-approved applications and services pose to your organization. Shadow IT is unlikely to be eradicated within organizations, so this is an important way to address the security gaps it creates.
CASB solutions help you to:
- Get a detailed picture of the cloud apps and services your employees use
- Control data in apps with granular-level policies
- Protect your data and SaaS apps from advanced threats
- Investigate users and their interactions with apps
The right CASB solution allows you to bring shadow IT into the light, giving employees the productivity tools they need, while helping maintain the security and compliance your company demands.
To better understand Shadow IT and how CASBs operate, check out our new e-book, “Bring Shadow IT into the Light.”
from Microsoft Secure Blog Staff