Cloud computing's ascent in recent years has provided CIOs and IT managers with yet another security headache to contend with: shadow IT. Microsoft's new Cloud App Security, officially released today, helps take the mystery out of this vexing problem.
Shadow IT generally refers to the unsanctioned use of public software-as-a-service (SaaS) applications and cloud services by an organization's users. Lacking visibility into these apps and control over their usage, enterprises are at risk of data leakage, intentional or otherwise.
Last year, the Logicalis Global CIO survey revealed that 90 percent of CIOs worldwide have had their IT purchasing decisions bypassed by their line-of-business colleagues. A recent analysis by Cisco found that CIOs and IT managers vastly underestimate the amount of shadow IT consumed by their workforces. The average large enterprise uses more than 1,200 public cloud services, roughly 25 times more than the typical IT department's conservative calculations.
Microsoft's own data, also released today, shows that 80 percent of employees in corporate settings use unapproved SaaS apps for work. In addition, each employee uses 17 cloud apps on average, posing a challenge for IT administrators in terms of data security, privacy and compliance.
Further, Microsoft found that 70 percent of enterprise organizations allow cloud administration tasks to be performed from noncorporate networks with lax security. Ninety-one percent of organizations also permit their users to access their cloud storage with personal accounts.
Seeking to improve visibility into cloud app usage in enterprise environments, Microsoft acquired Adallom last year. The cloud security startup's software acts as a security broker that enables IT departments to place cloud access controls on users and keeps tabs on corporate data stored on third-party clouds. It works with popular cloud applications, including Box, Dropbox, Salesforce and Microsoft's own Office 365.
As promised back in February, Microsoft announced the general availability of its Adallom-powered Cloud App Security product today, priced at $5 per user per month.
"The solution provides a set of capabilities to help companies design and enforce a process for securing cloud usage; from discovery and investigation capabilities, to granular control and protection," wrote Microsoft's Cloud App Security team in a Cyber Trust Blog post. "It is easy to deploy, setup and use and provides out-of-the-box value immediately, as well as rich tutorials for unlocking advanced capabilities."
Cloud App Security offers app discovery, helping IT administrators sniff out cloud application usage from all devices in a network. The feature is complemented by a set of risk assessment, scoring and analytics capabilities.
Configurable data loss prevention (DLP) and data sharing policies and controls enable organizations to control the movement of sensitive corporate information on sanctioned apps. According to Microsoft's research, each organization externally shares 13 percent of its files, on average. Of those files, 25 percent are shared publicly. The product also employs anomaly detection and behavioral analytics to provide threat protection for cloud apps, further reducing the risk of public cloud application usage in the enterprise.