In the second post of Infotrust’s Third-Party Risk blog series, our Cyber Defence Team takes a look at organisations’ interactions with third-party software and applications. Specifically, we cover the concept of Shadow IT, how it can exponentially increase a business’s third-party risk, and the steps organisations can take to improve security measures in the cloud.
“Shadow IT refers to IT devices, software, and services outside the ownership or control of IT organizations.” – Gartner
Shadow IT is not a new concept for most. In the many years since its inception, the accepted stance has become that the majority of organisations experience shadow IT and that it is inevitable.
As more organisations have migrated to the cloud, the issue of unsanctioned applications and sensitive data residing in unauthorised locations has only increased. On average, organisations are using 1,295 applications and cloud services*. It is now estimated that 95%* of these applications are unmanaged and have been brought into use within the business from other departments without IT consent or administration.
Most of the time, these unsanctioned applications and cloud services have been brought into the business to improve efficiencies or for collaboration purposes, and the end-users are therefore quite reluctant to stop using them or look at alternatives. Whilst they may improve efficacy, they are not always built with security in mind, and this is why it is important for businesses to have an understanding of ALL the applications and services in use within their IT environment.
With all third-party applications and software, there is a risk that businesses need to analyse. However, this risk increases exponentially when IT/Security is not involved to assess whether the apps meet security requirements.
For many businesses, the first thought might be to block the use of unsanctioned applications. This would make your IT infrastructure secure, right? But there are a few things that should be considered before you press the block button.
Legacy security solutions such as firewalls and secure web gateways (SWGs) were not created with the modern workforce in mind. More than 50% of cloud usage* now takes place with end-users outside of the traditional perimeter, via mobile and remote access. Traditional security tools were not built with this in mind and often will not be able to pick up those unsanctioned apps being used beyond the traditional business perimeter.
Additionally, blocking an application or software can result in end-users finding an alternative option, bringing you back to square one without resolving the issue. Allowing your workforce to use their key third-party applications, after you have reviewed that their security controls meet your business standards, means that you can enable your end-users’ productivity and ability to work effectively.
Next-generation cloud security solutions provide the ability for end-users to utilise their preferred third-party apps and cloud services, without the business compromising on security controls.
Infotrust partners with Netskope, who provide a Next Generation CASB solution. This solution enables businesses to allow the use of unsanctioned, but permitted, apps whilst remaining secure. Netskope gives full control of SaaS, IaaS and web from one cloud-native solution that is scalable and provides advanced threat protection and 360 data protection through award-winning DLP and encryption.
To find out more about how Infotrust and Netskope can help your organisation secure your third-party apps and cloud services, contact us today.
*Netskope – Shift your Web Security to the Cloud, for the Cloud White Paper