Netskope — Shadow IT Is A Good Thing
•Download as PPTX, PDF•
1 like•1,595 views
Shadow IT is often used in a derogatory manner, but what if the apps and services a company's employees are bringing into the enterprise were actually the secret to their success? What if the efficiency and productivity gains your company is experiencing are owed, in part, to these apps that IT isn't responsible for sourcing and enabling? In this presentation Netskope discusses the challenges and opportunities that come from the use of rogue apps in the enterprise and how IT can turn the corner and end the catch-22 between enablement and security.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Netskope — Shadow IT Is A Good Thing
Similar to Netskope — Shadow IT Is A Good Thing (20)
More from Netskope
More from Netskope (13)
Recently uploaded
Recently uploaded (20)
Netskope — Shadow IT Is A Good Thing
- 1. Making Shadow IT Work
- 2. Dear , I love you, I hate you. Regards, The CIO
- 4. CLOUD CAGR FOR ‘13-’17 WILL BE 5X OF IT INDUSTRY AS A WHOLE
- 5. ORGANIZATIONS ARE PUTTING THE CLOUD TO WORK FOR BUSINESS
- 7. unsanctioned CLOUD APPS 72% * OneLogin Survey 2012 of people admit to using
- 8. of CLOUD APPS don’t make the grade 75% Cloud App Cloud App Cloud App Cloud App REPORT CARD * Netskope Research, Adapted from CSA’s Cloud Controls Matrix
- 9. Evaluating Apps on Objective Criteria • Measure of a cloud app’s enterprise-readiness • Based on the app’s security, auditability, and business continuity • Based on 30+ objective criteria adapted from the Cloud Security Alliance EXCELLENT HIGH MEDIUM LOW POOR * Netskope Research, Adapted from CSA’s Cloud Controls Matrix
- 10. 1% 22% 34% 16% 27% EXCELLENT HIGH MEDIUM LOW POOR * Netskope Research, Adapted from CSA’s Cloud Controls Matrix
- 11. * Netskope Research, Adapted from CSA’s Cloud Controls Matrix
- 12. Reasons Apps Do Well and Fall Short * Netskope Research, Adapted from CSA’s Cloud Controls Matrix
- 13. * Netskope Research, Adapted from CSA’s Cloud Controls Matrix
- 14. Example: User and Admin Audit • Admin audit logs • Change/upgrade notifications • Data access logs • Infrastructure status reports • User audit logs
- 15. Example: Certifications and Compliance • Compliance certifications – HIPAA – PCIDSS – etc. • Datacenter certifications – SOC-1, -2 – ISO27001 – etc.
- 16. Key Capabilities • Audit and alert capabilities • Certifications and compliance • Data classification capabilities • Disaster recovery and business continuity • Encryption • File sharing • Policy enforcement and access control
- 17. June 10, 201417 10% 90% Most Organizations Underestimate Cloud App Usage by 90%
- 18. CLOUD HAS CREATED A BLIND SPOT The average number of security While the percent of people stating they “don’t know” Source: PwC In the past 2 years… if they’ve had a security breach increased 100% incidents has risen 25%
- 19. The Multiplier Effect of a Cloud Breach 3.3 devices per knowledge worker 50% of people share content via unapproved cloud services 90% of organizations that lost sensitive content via file sharing 5 out of top 10 data breaches involved cloud ? Source: Cisco Source: Ponemon Source: CRNSource: Ponemon 0100 01 1 110 01 1 1010
- 20. Cost of a data breach: $5.4 million Source: Ponemon • Remediation costs • Brand and reputation impact • Loss of intellectual property • Fines for non-compliance • Cost and time for reporting and prevention
- 21. Yet, people love their cloud apps, and for good reason Anywhere Access CollaborationProductivity
- 22. CAN’T COMPLY WITH SOX, ETC. • Public biosciences co. would like to embrace cloud, but doesn’t know what services are running • Can’t evaluate new services • Can’t attest to access/auth usage for SOX and other regs, e.g., HIPAA
- 23. POTENTIAL DATA LEAKAGE • Large media firm discovered a dozen cloud storage apps, plus others in which data could be shared • IT must see what sensitive data are being uploaded • Then, see whether data are being shared, and with whom
- 24. POST-EVENT FORENSICS • High tech company suspects theft of proprietary documents by a departing employee • IT must construct audit trail, showing user download from corporate account and subsequent upload to and share from personal account
- 25. DISCOVER APPS & EVALUATE RISK • Discover all apps, known or not • Objectively evaluate apps’ enterprise-readiness • Score apps on security, auditability, and business continuity
- 26. ANALYZE USAGE • Discover who’s using what apps, from where, and on what device • See what class of data are being uploaded, downloaded, shared • See with whom data are shared
- 27. LIMIT ACTIVITIES VS. BLOCK APPS • Rather than block an app, limit usage (e.g., don’t share with people outside of the company) • Use context such as user, location, device, data class, and user activity
- 28. VERIFY AND THEN TRUST • Create risk model of scenarios involving user, app, data, activity, and other contextual factors • Set watch lists on scenarios that represent the most risk
- 29. CONSIDER CONTEXT IN EVERYTHING YOU DO • Consider contextual factors when shining a light on shadow IT, running analytics and setting policies • Think about user, group, location, time, device, OS, app, and app score
- 30. 1. DISCOVER cloud apps and evaluate risk 2. Analyze USAGE 3. LIMIT activities vs. blocking apps 4. VERIFY and then trust 5. Consider CONTEXT in everything you do
- 32. THANK YOU
Editor's Notes
- How many IT executives have this exact same sentiment – Dear Dropbox, I love you, I hate you. Essentially this is the dynamic at hand. On one side your users are finding a way to get their work done. Whole lines of business are taking advantage of these quick to procure and deploy tools.
- Tools like Dropbox, Salesforce.com, Box, Evernote and the thousands of apps you may have never heard of. You want to enable and say “yes” but you also know that many of these introduce security risks that you can’t sit by and let stand un-mitigated.
- And the pass of this growth and adoption isn’t slowing. IDC expects the Compounding Annual Growth Rate to be 5x from 2013 through 2017. That’s a freight train and your business is already on board whether you like it or not.
- And this is a good thing, right? Look at this data from KPMG showing the rate of adoption as it relates to specific functions. And many of these business units view these cloud apps as business critical.
- But you still have the problem of determining just who is using these apps and what they’re doing in them. You want details so you can have a better conversation about them.
- Because if 72% of people admit that they’re using cloud apps without IT knowledge, that’s an overwhelming majority that you can’t shut down without detailed information.
- Details like “are these apps enterprise-ready?” According to Netskope’s data, more than three quarters rated “Medium” or below in Netskope’s Cloud Confidence Index – that’s not enterprise-ready.
- Netskope looks at these apps critically to score them.
- Actual breakdown. Note that this is in terms of app counts. It is also reflected in our customer assessments – so it’s actually like this IN ENTERPRISES. Moreover, USAGE breaks down like this. In other words, not only do enterprises have these low-quality apps installed, but they’re being used in these same proportions.
- And what they don’t know about is bigger than you’d think. In the assessments we do for our customers and prospects, our solution discovers about 10x their estimate of what they have.
- But the fear is that without the visibility and control you’ve been able to exert in non-cloud environments, with the cloud you have a blind spot. Over the past two years, while the total number of incidents has risen by 25%, the number of people who DON’T KNOW how many incidents they’ve had has risen by 100%.
- And among the most concerning of security incidents are data breaches. Because you’re now dealing with the cloud, the functionality that makes cloud so useful and collaborative also increases both the probability and potential surface area of a breach. Let’s talk through it. Devices. Cloud makes it easy for people to access services from multiple devices. Couple that with the trend of multiple devices per user. A recent Cisco study indicates 3.3 devices per user. This increases the number of access points for the same service. Sharing. This is something that the cloud has enabled that we’ve never been able to do before. But with the click of a button, people can now share a piece of content and that content is now out of the company’s control and potentially could be shared and shared again to an endless tapestry of connected endpoints. Indeed, Ponemon took a look at just one aspect of cloud breaches – those in file sharing, or cloud storage, apps – and found that 90% of organizations reported losing sensitive content via file sharing technologies. And even though these breaches often go undetected, the number of high-profile breaches involving the cloud is growing. CRN did a recent roundup of the top 10 data breaches and found that 5 involved cloud apps. That’s what we call the multiplier effect of a cloud breach.
- Ponemon estimates the cost of a data breach at $5.4 million. There are a number of factors that go into that number, and many intangibles that aren’t included. But if you think about the top impacts of a breach, they include remediation costs, brand a reputation impact, loss of IP, fines, and of course both cost and time to do internal company and board-level reporting and engage in prevention activities, which can be incredibly time-consuming and cause a loss in productivity.
- The cloud makes it really easy for them to do their jobs. And that’s what we all want, right?