Of all the vital responsibilities C-level executives have, keeping data secure is a big one, especially today, when many managers consider data to be the "new gold" or the "new oil"... feel free to add your own metaphor.
The Harvard Business Review has published a number of articles that say that those who leverage their data best will be at a competitive advantage.
“Data-driven decisions tend to be better decisions. Leaders will either embrace this fact or be replaced by others who do,” wrote Andrew McAfee and Erik Brynjolfsson in an article in 2012.
But what happens when your strategic data is at someone else’s disposal as well? And we’re not just talking about data that’s been hacked or deliberately open sourced and shared with select parties, but also the stuff that your employees lob over company firewalls for convenience’s sake.
If you’re a manager, this kind of behavior should be cause for concern, because we could be talking about the very strategic assets and intellectual property you’ve been charged to protect.
Where's Your Data?
Nothing slips outside of my company’s walls without my knowing about it, you may be thinking. If you’re right, then good for you.
That being said, though, you might stop to consider what Netskope, a cloud app analytics and policy enforcement vendor, found in a study that analyzed tens of billions of cloud app events seen across millions of users from July through September this year.
Enterprises use an average of 579 cloud apps (authorized and non-authorized), and 88.7 percent of them are not enterprise ready.
The usual suspects are not the main offenders. If you think that Twitter, Dropbox and Evernote are the primary unauthorized apps in the workplace, you’re wrong. The survey found that line-of-business apps for marketing, collaboration, HR, productivity and storage are the most prevalent.
- 21 percent of data uploaded to cloud business intelligence apps are in apps whose terms and conditions say the app vendor owns the data
- For every upload to cloud software development apps, there are three downloads (meaning that your content is leaving data center walls)
- More than one-third of all cloud data leakage prevention (DLP) policy violations (involving data such as personally identifiable health information, payment information, and “company confidential” information) occur on mobile devices
- For every upload in an SFA or CRM app, there are 13 downloads
- 70 percent of data uploaded to cloud storage apps go to ones that don’t separate tenants in the cloud
Time to Reassess
Left unchecked, this situation isn’t likely to get better. And it goes without saying that it will cause problems. What’s an IT manager to do?
While reining in shadow IT may seem like the obvious answer, Sanjay Beri, CEO and co-founder of Netskope, said that it’s not enough.
“Organizations need to think beyond enterprise-readiness and about the context of the usage. It is the 'who, what, where, and how' around the usage that we think matters the most,” he said.
Beri recommends that IT managers regain and maintain control of their data by taking three steps:
- Understand the apps in use and how they rate according to industry criteria. You can get a free cloud risk assessment here.
- Analyze the usage and what content is at stake. Knowing if people are accessing unsanctioned apps over mobile devices and if the data are sensitive makes a big difference when deciding how you're going to proceed. The same applies to apps that you've sanctioned — like Office 365 or Salesforce.com — where you've rolled out an app and it's taken off like wildfire, yet you don't truly understand the sensitivity of the data being shared (and whether that's just within the company or to outside collaborators).
- Use the intelligence from step two to develop policies and coach users around safe cloud app usage. A non-enterprise-ready app can be made enterprise-ready with the right security and usage policy in place.
With 579 apps running in the average enterprise, IT managers have their work cut out for them. But there are tools, like Netskope’s Active platform, to help them. In addition, Beri said that companies that have embraced single sign-on tools like Okta, OneLogin and Ping Identity have an additional leg up when it comes to clean onboarding and offboarding, as well as to identity management best practices.