Shadow IT (or user-led IT) has two sides, one is bright, the other dark. The bright exudes resourcefulness — it’s about people and the unwavering march of productivity. On the dark side, it’s about using services that avoid watchful compliance and security personnel. In either case, Shadow IT is commonplace today with more than 1,000 cloud services in use in the average enterprise.
At Netskope, we believe that the prevalence of the bright side far exceeds the dark side, despite the “shadow” name. The unfortunate truth is that many security professionals we talk to are still taking a hard line against Shadow IT. The common refrain: If IT didn’t sanction it, we will block it. Admittedly, the rationale behind this was sound a few years ago. After all, knowing what people are doing in these cloud services was rather difficult with the insight legacy security tools provided. But things are different today and moving beyond a knee-jerk disposition to block is imperative to your business, your security, and regulatory compliance.
Your call to action: Find a way to safely permit Shadow IT, and make sure you can do so at scale without over burdening your personnel.
We recently published a white paper entitled Allow is the New Block: 10 Requirements for Saying “Yes” to User-led Cloud Services that outlines this topic in greater detail. Within you’ll learn:
- Why blocking doesn’t work due to undetectable use and exception sprawl;
- The risks with simply allowing Shadow IT services if you don’t have the right visibility and control;
- A list of 10 requirements you should have if you want to safely permit use.
You can download the white paper here. Have questions or comments? We’d love to hear from you in the discussion box below.
