IBM has produced new cloud security technology that helps protect organizations from risks associated with the increasing use of “bring your own” cloud apps at work.
Big Blue’s new Cloud Security Enforcer gives companies visibility into all third-party cloud apps used by their employees, provides a secure way to access them, and enables companies to control which corporate data can and cannot be shared with the apps.
Cloud Security Enforcer helps companies address a potentially significant security exposure, as they currently only have visibility into a fraction of the cloud apps used by their workforce.
Indeed, new research from IBM found that one-third of employees at Fortune 1000 companies are sharing and uploading corporate data on third-party cloud apps. Employees today are increasingly engaging in risky practices on these tools, such as signing in with their personal email addresses, using weak passwords or re-using corporate log-in credentials.
IBM’s study of more than 1,000Fortune 1000 employees showed that one out of every three employees is uploading and sharing corporate data to third-party cloud apps, often without the knowledge of their employer. With little or no visibility into these apps, companies have no awareness of the risky activities being performed on them, which the survey also uncovered.
IBM noted that choosing convenience over security is a growing trend and it is being compounded further with the influx of Millennials into the workforce, who will make up half of the globe’s workers by 2020. The study found that currently, one out of every two Millennials is sharing work data to outside cloud apps.
The company is working with its partner, Box, and other popular cloud app providers to make these apps safe for work. The new cloud-based technology connects into the most commonly used work apps enabling companies to secure the third-party apps their employees are using out of policy. It also constantly monitors the risks of these apps being breached, based on intelligence of malicious activity happening around the world.
While the cloud offers greater productivity, security tradeoffs can result in the loss of control of corporate data, and the inability of companies to protect employees’ identities. With the release of Cloud Security Enforcer, IBM is extending users’ control, visibility, security and governance inherent to their hybrid cloud environments.
“Other vendor technology in the market today manages just the discovery of which cloud apps employees are using,” said Caleb Barlow, vice president of mobile management and security at IBM. “IBM Security Cloud Enforcer goes well beyond just discovery -- it actually gives employees a path for using the third-party cloud apps they want as it centrally manages access via secure log-in credentials. No other company in the cloud access security broker space does this identity management. Previously, companies needed several different technologies to do some of these things. Now, however, they just need one SaaS technology in Cloud Enforcer.”
IBM’s study also showed that one in every four employees is linking cloud apps and services apps to their corporate log-in and password, leaving loopholes through which hackers can gain access to company networks.
When employees conduct rogue activities on unsanctioned apps, known as “Shadow IT,” companies lose control over and visibility into sensitive data.