IT security pros have it rough: the pace of modern workflows has turned perimeter security solutions into sieves. As those security pros try to keep up with new threats, they might be better off taking the opposite approach and slowing down. Over the coming years, the largest cyber threats won’t be new; instead, they will come from well-known vulnerabilities. To address these vulnerabilities, businesses don’t even need to look beyond their own network.
As cloud apps become increasingly pervasive, they are challenging security teams with limited visibility and control options. The cyber threats of the future will take place within the Shadow IT that exists today. The unsanctioned use of cloud apps creates Shadow IT – an unmonitored, uncontrolled, and insecure part of a business’ network activity. Shadow IT creates new threat vectors that range from poor internal behavior that leaks data to open doors for criminally-minded hackers. The good news is that there are easy ways to start addressing Shadow IT that doesn't require breaking your company’s piggy bank.
Among the many vulnerabilities on networks, Gartner predicts Shadow IT to be the chief concern in the coming years. To deal with Shadow IT, they recommend that corporate strategy shifts to “create a culture of acceptance and protection versus detection and punishment,” while also developing, “an enterprise-wide data security governance (DSG) program.” Sometimes the free options are the best, but unfortunately, fully addressing Shadow IT will require more than new policies and behaviors.
Monitoring for Threat Deterrence
To mend the security gaps created by cloud apps, Gartner forecasts that Cloud Access Security Brokers (CASBs) will be the top technology for information security in the coming years. CASBs give CISOs an opportunity to monitor Shadow IT and apply enterprise security policies across multiple cloud services. Not all businesses will need to directly control every facet of their employees’ cloud app activity, but they should at least have visibility to monitor for risks.
Part of addressing known security threats is taking a moment to slow down and reprioritize the threat landscape. Given the onslaught of threats, developing a strategy and acting deliberately is more important than ever. The pressure is on CISOs to identify data security policy gaps, develop a roadmap to address the issues and seek cyber insurance, like monitoring, when appropriate. Each step should be part of a larger strategy. Shadow IT is a well-known and growing threat to business IT security that should be included in these new strategies. The time to act is now.