Shadow cloud is a growing threat: 3 keys for IT pros

ThinkstockPhotos-482254891

Chances are your users are running some potentially dangerous programs and services right under your nose. And these could be putting your organization’s security at high risk. 

It seems that there are some serial offenders when it comes to shadow cloud services. According to Spiceworks, only 14% of IT pros said their users had never adopted cloud services behind their backs. Another three percent reported it happening only once.

But for the overwhelming majority, there have been multiple incidents of shadow IT creeping into the cloud. Forty percent said they’ve had multiple instances of users adopting cloud services behind their backs (at least two to four times), and 38% said it happened five or more times.

That’s especially concerning since IT pros see these cloud applications as particularly vulnerable to attacks.  According to the survey, the most vulnerable services were storage (35%), webmail (27%), messaging services (9%) and financial or accounting services (8%).

Shadow IT didn’t go anywhere

A few years ago, shadow IT and BYOD were seen as problems that IT would have to cope with sooner than later. But like many other security trends, that changed as these options became more and more pervasive.

Eventually, it seemed like shadow IT would just be a thing IT would be stuck dealing with forever. Sure, there were ways to try to block users from downloading programs without approval or visiting sites that weren’t whitelisted, but these sites and programs popped up quicker than IT could shut them down.

But there is still reason to fear shadow IT. Just recently, malware specifically targeting cloud storage has been discovered.

And IT still realizes the threat: 61% of those surveyed by Spiceworks said that their organization was concerned about backdoors in cloud services they may not be aware of.

Getting control of your policies

Chances are you have a cloud policy that forbids having unapproved cloud applications or storage procedures. Most companies do, but they still have the same problem with shadow IT.

So how can you get users to actually pay attention? It may be time for a new policy.

Before you figure “I don’t have time for that,” know that you don’t have to start over whole cloth. Look at your existing policy, and adjust language that’s no longer applicable or may seem out of date.

Here are three keys to getting this policy to pass the test with employees:

  • Bring in outside help. Don’t just develop the policy in your IT department. Bring in representatives from around the company, including the management level. This way, you can help get buy-in before the policy is even committed to paper.
  • Look for trends. Chances are you’ve seen some popular services come up for users that you know won’t fit in with your policy. But users may not realize that. If you notice everyone’s talking about a new cloud app or storage solution, get ahead of the problem by letting users know if it’s allowed or not, and explaining why.
  • Share features. You’ve almost certainly got some cloud apps and services that are approved, and these services try their best to stay competitive with others. If there’s a recent change or upgrade to your services, go ahead and let users know about it – and how it can help them do their jobs better and safer.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy