| |||||||||
| |||||||||
Current Filter: >>>>>> In too deep? Editorial Type: Opinion Date: 09-2015 Views: 1735 | |||
| Dana Wolf, Senior Director for Products at OpenDNS explains how cloud-based reporting can be used to combat the effects of Shadow IT Last year was notable for many reasons, not least of which was that it set new records for software vulnerabilities, with more than 7,000 added to the US National Vulnerability Database (NVD). Of those recorded, it is estimated that 83 per cent were found in third-party applications - and of course there's no sign that this trend will slow any time soon. Armed only with a credit card and a browser, anyone can purchase low-cost subscription licenses and have a new SaaS application up and running in no time at all. Importing corporate data and integrating with other enterprise applications can also be achieved without the involvement or even the awareness of the IT professionals charged with such responsibility. It's not in an employer's interest to inhibit employee creativity, enthusiasm or productivity, and they most certainly should not force employees to choose between doing their jobs and protecting company assets. Given this, how can enterprise IT teams fulfil their clear obligations and provide a secure network in this new environment: Shadow IT?
REPORTING AND NETWORK VISIBILITY Good network visibility means that IT admins or security professionals auditing for internal threats can easily determine if someone is using an unsanctioned file sharing service, or if the smart TV in the conference room is making calls to Korea when it's when not in use. Considering the risks that come with IoT and how pervasive they are becoming in the enterprise, being able to link network activity from IoT devices - and cloud services in general for that matter - to an employee identity is highly valuable for IT and security professionals with limited time. A reporting tool, based in the cloud could help by delivering the following key functions.
OFF-NETWORK REPORTING
IT'S NOT ALL FUD
USEFUL EVEN WHEN NOT PROACTIVE The first step is determining who uses that third-party service. If a cloud-reporting tool is already in place, system administrators can find out who uses this service and advise them to change passwords. If the tool also records activity in near real time then reaction times to breaches or announcements can drop significantly, including those relating to third-party applications and software. NC | ||
Like this article? Click here to get the Newsletter and Magazine Free! | |||
Email The Editor! OR Forward Article | Go Top | ||
PREVIOUS | NEXT |