Fighting Shadow IT: 10 Best Practices to Prevent Enterprise Data Leaks

By Chris Preimesberger  |  Posted 2013-10-21 Print this article Print

As soon as business data leaves a corporate network and moves to any personal device, it becomes an immediate risk and presents a serious security and data management challenge. Businesses are struggling to securely share files because employees are turning to consumer services outside the network to get the job done themselves without bothering to communicate to IT. Easy data access will win just about every time if it comes up against corporate policy. Since the single biggest cause of data leaving the network is a company's employees, guidelines need to regulate how corporate information is shared. IT also needs to have the tools to keep corporate data out of harm's way. This eWEEK slide show offers several excellent resources and best practices for protecting corporate data. The companies and executives who provided these tips are: Mimecast: Grant Hodgkinson, Product Director; Quinton Wall, Director of Technical Platform Marketing; Riverbed: Dormain Drewitz, Senior Solutions Marketing Manager; and CommVault: Greg White, Senior Product Marketing Manager.

  • Fighting Shadow IT: 10 Best Practices to Prevent Enterprise Data Leaks

    by Chris Preimesberger
    1 - Fighting Shadow IT: 10 Best Practices to Prevent Enterprise Data Leaks
  • Protect All Data, Everywhere

    Data fragmentation, or data outside IT-managed systems stored on personal computers, devices and cloud services, is a real risk to corporate security. Shadow IT fragments business data and creates conflicting versions of information, increasing the chance of data leakage or loss. Enterprises need to protect all forms of business data by empowering IT to take the lead on data encryption and backup practices and create guidelines for management of data on personal or "nonauthorized" devices and services.
    2 - Protect All Data, Everywhere
  • Understand and Streamline Your Data

    Businesses should establish policies and procedures for data types to determine what data is most valuable and how long it should be retained. Where possible, automation should be used to transfer less used or old data to an archive, freeing storage space while retaining the older data for specific usage later. This reduces the storage costs of data for immediate use, which generally increase incrementally due to the tendency to retain all information.
    3 - Understand and Streamline Your Data
  • Take Your Archive to the Cloud

    Enterprises can reduce storage cost by using archiving systems to manage information that needs to be kept long-term when it is no longer active. By leveraging the cloud, businesses can use an always-online cloud service that enables access to data via a browser or mobile app. This effectively turns an archive into a valuable interactive repository of historical business data.
    4 - Take Your Archive to the Cloud
  • Single Solution: Unify Where Data Exists

    Companies are increasingly using the cloud to create a shared infrastructure model for IT utilizing both on-premises and cloud services. By using a single platform to manage information in the data center, at the edge and in the cloud, IT can make access to data secure while ensuring that laptops and desktops can be backed up with the same software that protects the data center.
    5 - Single Solution: Unify Where Data Exists
  • Sync and Provide Access to Data Virtually Anywhere

    Whether on a desktop, laptop or mobile device, employees expect access to company data. If enterprises don't provide a secure solution for access to corporate data, employees will find their own ways to manage information to work efficiently using consumer products that can put the organization at risk. By efficiently managing, syncing and protecting data, IT organizations can provide employees with anywhere/anytime access to information on-the-go while maintaining secure controls and adhering to corporate policies.
    6 - Sync and Provide Access to Data Virtually Anywhere
  • Eliminate Redundant Data

    Confusion is often the result when copies of the same document are being saved by multiple people in several different places; this drives employees to save documents using third-party consumer solutions. Through global deduplication, businesses can ensure that one copy of the document exists and can provide employees with access to it only through the secure enterprise solution the IT manages and chooses to use for the organization.
    7 - Eliminate Redundant Data
  • Centralize Visibility, but Don't Enforce Control

    Visibility into what employees are doing is critical for compliance, deploying and deactivating applications, and other requirements. However, many organizations use this visibility to enforce control. The result is that employee productivity is negatively affected, giving rise to shadow IT apps and processes. Successful companies embrace modern tools and platforms that allow centralized visibility and manage control in a trusted manner that empowers users.
    8 - Centralize Visibility, but Don't Enforce Control
  • Evolve Beyond Perimeter Authentication

    Identity management has moved beyond the days when it was acceptable to simply authenticate users at the network perimeter and trust their actions thereafter. With the growing acceptance of mobility, cloud and shadow IT, enterprises need to evolve beyond perimeter-based authentication. They need to have context about all the employees and know what actions users are trying to complete; they also need to know if the user should be permitted to take the specific action he or she wants to take.
    9 - Evolve Beyond Perimeter Authentication
  • Invest in Self-Service

    Shadow IT is partly driven by business users and developers becoming frustrated with traditional IT procurement and deployment cycles. Give users and developers the access and control they crave by creating self-service portals for provisioning IT resources and services. This is more than the old help desk ticket portal; this means building an enterprise app store for users and IT services portal for developers. Provisioning from these portals should be automated (with approvals built into the workflow as needed), which means the underlying resources—compute, storage, network, firewall, app delivery, monitoring—need to be programmable.
    10 - Invest in Self-Service
  • Educate Users About the Benefits and Risks

    If you want to change behavior, you need to explain why the IT way is better than the shadow-IT way. Shadow IT presents a headache for IT for lots of reasons: security, cost, troubleshooting time and so on. But that's not what makes a compelling case to users and developers who are working around the system. Instead, put the benefits (and risks) in their terms. For example, IT can provide performance service-level agreements that shadow IT may not be able to provide, and IT can negotiate vendor agreements at scale that get better prices than shadow side deals.
    11 - Educate Users About the Benefits and Risks

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel