Download - Netskope — Shadow IT Is A Good Thing

Making Shadow IT Work

Dear ,

I love you, I hate you.

Regards,The CIO

CLOUD CAGR FOR ‘13-’17 WILL BE 5XOF IT INDUSTRY AS A WHOLE

ORGANIZATIONS ARE PUTTING THECLOUD TO WORK FOR BUSINESS

Who?

What?

When?

with Whom?

unsanctioned CLOUD APPS 72%

* OneLogin Survey 2012

of people admit to using

of CLOUD APPS don’t make the grade

75% Cloud App

Cloud App

Cloud App

Cloud App

REPORT CARD

* Netskope Research, Adapted from CSA’s Cloud Controls Matrix

Evaluating Apps on Objective Criteria

• Measure of a cloud app’s enterprise-readiness• Based on the app’s security, auditability, and

business continuity• Based on 30+ objective criteria adapted from the

Cloud Security Alliance

EXCELLENT HIGH MEDIUM LOW POOR


1%

22%34%16%27%

EXCELLENT

HIGH

MEDIUM

LOW

POOR


Reasons Apps Do Well and Fall Short


Example: User and Admin Audit• Admin audit logs• Change/upgrade notifications• Data access logs• Infrastructure status reports• User audit logs

Example: Certifications and Compliance• Compliance certifications– HIPAA– PCIDSS– etc.

• Datacenter certifications– SOC-1, -2– ISO27001– etc.

Key Capabilities• Audit and alert capabilities• Certifications and compliance• Data classification capabilities• Disaster recovery and business continuity• Encryption• File sharing• Policy enforcement and access control

April 14, 202317

10%

90%

Most Organizations Underestimate

Cloud App Usage by 90%

CLOUD HAS CREATED A BLIND SPOT

The average number of security

While the percent of people stating they “don’t know”

Source: PwC

In the past 2 years…

if they’ve had a security breach increased 100%

incidents has risen 25%

The Multiplier Effect of a Cloud Breach

3.3 devices perknowledge worker

50% of people share content via unapproved cloud services

90% of organizationsthat lost sensitivecontent via file sharing

5 out of top 10 data breaches involved cloud

?Source: Cisco Source: Ponemon

Source: CRNSource: Ponemon

0100011 110 01 1

1010

Cost of a data breach:

$5.4 million

Source: Ponemon

• Remediation costs• Brand and reputation impact• Loss of intellectual property• Fines for non-compliance• Cost and time for reporting and prevention

Yet, people love their cloud apps, and for good

reasonAnywhere Access CollaborationProductivity

CAN’T COMPLY WITH SOX, ETC.

• Public biosciences co. would like to embrace cloud, but doesn’t know what services are running

• Can’t evaluate new services

• Can’t attest to access/auth usage for SOX and other regs, e.g., HIPAA

POTENTIAL DATA LEAKAGE

• Large media firm discovered a dozen cloud storage apps, plus others in which data could be shared

• IT must see what sensitive data are being uploaded

• Then, see whether data are being shared, and with whom

POST-EVENT FORENSICS

• High tech company suspects theft of proprietary documents by a departing employee

• IT must construct audit trail, showing user download from corporate account and subsequent upload to and share from personal account

DISCOVER APPS & EVALUATE RISK

• Discover all apps, known or not• Objectively evaluate apps’

enterprise-readiness • Score apps on security,

auditability, and business continuity

ANALYZE USAGE

• Discover who’s using what apps, from where, and on what device

• See what class of data are being uploaded, downloaded, shared

• See with whom data are shared

LIMIT ACTIVITIES VS. BLOCK APPS

• Rather than block an app, limit usage (e.g., don’t share with people outside of the company)

• Use context such as user, location, device, data class, and user activity

VERIFY AND THEN TRUST

• Create risk model of scenarios involving user, app, data, activity, and other contextual factors

• Set watch lists on scenarios that represent the most risk

CONSIDER CONTEXT IN EVERYTHING YOU

DO• Consider contextual factors when

shining a light on shadow IT, running analytics and setting policies

• Think about user, group, location, time, device, OS, app, and app score

1. DISCOVER cloud apps and evaluate risk2. Analyze USAGE3. LIMIT activities vs. blocking apps4. VERIFY and then trust5. Consider CONTEXT in everything you do

THANK YOU