July 25, 2016 By Patrick Wardrop 2 min read

Cloud is here to stay. Whether they realize it or not, businesses large and small have adopted cloud applications, and most companies have a growing concern about their cloud security posture.

Shadow IT: A Dark Cloud

Some cloud applications have a very simple enrollment process, which makes it easy for employees to sign up for the service without involving the IT department.

Shadow IT is what occurs when employees adopt cloud applications without approval or involvement from their IT department. It can be difficult to know what cloud applications have risk or threat exposures. If companies don’t provide a way for employees to understand what applications are allowed, shadow IT will continue.

Shadow IT can be discovered by using a cloud access security broker (CASB). CASBs are the future of cloud security. Unfortunately, most companies haven’t made the shift and are using static, outdated data to determine their risk exposure. They aren’t helping to coach employees to use low-risk, sanctioned cloud applications.

Training Goes a Long Way

Most shadow IT happens because employees are trying to do their jobs more efficiently and don’t know the risks of their actions. Coaching and training employees on the risks and pointing them to approved cloud applications will go a long way toward reducing risk and controlling shadow IT.

It is risky for companies to use outdated static data to determine the current or potential exposure for employees’ usage of unsanctioned or even sanctioned cloud applications. When enterprises hand over their corporate data to third parties, they should be sure that the cloud application provider is contractually obligated, prepared and equipped to handle that information.

Cloud Security Measures

To adopt cloud applications safely and prevent shadow IT, companies need to look for a CASB that not only discovers cloud applications, but also makes it easy for companies to connect with and teach employees about what is already approved. Additionally, the CASB should provide dynamic threat and risk data about the cloud applications being used.

More from Cloud Security

2024 Cloud Threat Landscape Report: How does cloud security fail?

4 min read - Organizations often set up security rules to help reduce cybersecurity vulnerabilities and risks. The 2024 Cost of a Data Breach Report discovered that 40% of all data breaches involved data distributed across multiple environments, meaning that these best-laid plans often fail in the cloud environment.Not surprisingly, many organizations find keeping a robust security posture in the cloud to be exceptionally challenging, especially with the need to enforce security policies consistently across dynamic and expansive cloud infrastructures. The recently released X-Force…

Cloud threat report: Why have SaaS platforms on dark web marketplaces decreased?

3 min read - IBM’s X-Force team recently released the latest edition of the Cloud Threat Landscape Report for 2024, providing a comprehensive outlook on the rise of cloud infrastructure adoption and its associated risks.One of the key takeaways of this year’s report was focused on the gradual decrease in Software-as-a-Service (SaaS) platforms being mentioned across dark web marketplaces. While this trend potentially points to more cloud platforms increasing their defensive posture and limiting the number of exploits or compromised credentials that are surfacing,…

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today