Your Employees and Their 917 Different Cloud Apps. Are You a Sitting Duck?

Tuesday, May 3rd, 2016

targeted duckEvery day someone in your company is using a cloud app. Actually, it is probably more like every minute. Let’s not go into the personal versus work devices on the company network, or whether it is Facebook or Dropbox they are using. Those details don’t really tend to matter when the access allowed is for your own business to decide. It is about the sheer number of cloud services and apps in use in the enterprise today, the visibility in knowing what they are, and the many employees who are left out of the conversation.

We hear managers talk about how it can’t happen to them. They have the best employees, and the discussion is unnecessary. It is already understood–they would NEVER do that! Or our favorite–big brother–the need to let your employees know you really trust them and respect their privacy by allowing them to do what they think they need to do on their own. But that’s not going to protect your business when malware hits or a breach happens . . . and the chances of these happening to you are growing exponentially every day, especially when you are not communicating security issues with your employees.

With all the headlines being about Shadow IT, malware, data loss, intrusions, and ransomware, you would think it would be a common workplace discussion. But based on some recent surveys, companies aren’t saying much internally.

Some numbers that may surprise you. What percentage of employees:

  • Have not been told the right way to download/use cloud applications: almost 60%
  • Have not been told risks of downloading cloud apps without IT’s knowledge: just under 40%
  • Have not been told how to transfer and store corporate data securely: over 40% !!!!

To keep things in perspective–studies are showing that on average, enterprises have 917 different cloud apps in use!

This is not a respect for privacy issue. It’s a security issue, for your business and for your employees! Keeping them in the dark does not show them respect or protect them, it makes them victims before anything even happens.

As technology gets stronger, we as individuals have more decisions on what we use to make our lives, including work, more efficient. But if you do not educate and communicate regularly about cyber threats with your employees, have real visibility into their Web usage, or have a clear, agile Acceptable Use Policy (AUP), you are basically a sitting duck.

About Wavecrest Computing

Celebrating 20 years in business, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit http://www.wavecrest.net.

 

*Stats based on surveys from Softchoice and Netskope.

Can you see your enterprise shadow IT?

Monday, July 20th, 2015

shadow-it-300x171Can you? It’s there…hidden on your employees’ devices and on your network. We all know people try to use the path of least resistance in getting something done. Today, cloud computing allows us all to do almost anything from anywhere with relatively no resistance at all. Within corporations though, this can become a problem commonly known as shadow IT. “There are an astonishing 10,000 cloud services available on the market today, which creates a growing problem for IT around Shadow IT as only 9.3 percent of those apps meet enterprise data, security and legal requirements, cloud security company Skyhigh Networks found in its Q1 2015 Cloud Adoption and Risk Report.” Corporations need to control their proprietary information, network, and Web security. While employees may be thinking they can get their job done faster, the corporation is thinking about threats. “The result is technologies that empower individuals and teams limit the organisation as a whole.”

There are several views for this, all valuable. From the employees’ view, they believe they are finding ways to be more productive and efficient by using technology that is easily accessible and likely, not costing the corporation anything additional. It is quick and easy and can get the job done before the IT department would even have a chance to look at a request form. So, why would the corporation be upset? Here’s why–unauthorized applications, or shadow IT, can cause serious risks, such as Malware, data loss, and other severe network security concerns. As the responsible party, IT needs to know what is happening, especially when it comes to the random unauthorized applications users are bringing into the network.

What can be done? Which view holds more importance? That depends on your organization but gathering the information to make that decision can be quick and easy. You need total visibility into Web use so you can find and analyze any potential shadow IT. Proactive, comprehensive reporting of all Web-use activity allows a full view of users’ activities. IT and management need to see detailed drill-down activity per user, per group, or per category, and determine if the “shadow” application is to be quarantined, or discover the application is actually useful to the organization as a whole and add to the acceptable applications list.

It is important to take into consideration the employees’ need to have access to useful and contemporary tools. No post, article, or news story can tell you what to do within your organization. Only you know what will best suit your environment. Try collaboration though, between users, management, and IT. The key is to find the most useful applications and move toward applications that work, with the best interest of the overall corporation at heart.

Wavecrest Computing has been the recognized leader in Web Security for over 19 years with CyBlock and Cyfin Solutions. These scalable filtering and forensic reporting analysis products are designed to enable organizations to successfully address Internet abuse, legal liability, shadow IT, workforce productivity, and Web security threats.