The danger lurking in your shadow data
The rise of cloud-based productivity apps is great for work but a security and compliance nightmare
Fast, efficient and agile is where work is at and an ever-growing range of cool smart apps is on hand to help us do that. Great for that collaborative digital agile workplace you’re creating — but it’s creating a huge problem for enterprise data owners.
Bring Your Own Device (BYOD) and now Bring Your Own Software (BYOS) means there’s a whole lot going on beyond the reach of the traditional box-tickers, policy enforcers and internal police. Whatever sense of envelope-pushing freedom this behaviour brings, it is creating a whole new challenge for companies who find themselves moving ever deeper into risky waters.
A new approach is required for these new challenges.
Long shadows
People think nothing of using file sharing apps such as Dropbox, Box, Google Drive, Evernote or Office 365. Team messaging services such as Slack and Blink make the free flow of information and swapping of content easy. And that is to name just a few. Symantec’s Shadow Data Report covering the second half of 2016 found that organisations were using 20 times more cloud apps than they thought. That equates to a staggering average of 928 apps — the typical CIO thinks the number is between 30 and 40. Most of these apps are being used without the knowledge or oversight of the IT department. The potential security and compliance implications are all too clear.
The report also found that 25 per cent of files stored in the cloud are ‘broadly shared’ — across the entire organisation or with people outside it. Worryingly, three per cent of this data was sensitive or had implications for compliance.
This becomes a far bigger headache in regulated industries. And then there’s different data protection rules in different territories to consider. The convenience of cloud-based apps means they can quickly become the default way of working which leads to ‘over sharing’ of data as the quantity of files shared and stored in the cloud increases.
If disaster strikes, such as a data leak, hacking attack or infection by viruses or malware, things get very difficult, very quickly.
There is also a hidden implication. Having valuable company data, the collective knowledge of the company, scattered across a plethora of different apps means it lives in silos that serve only the team using it rather than being maintained for all. And when that team changes apps to something cooler; that data is lost forever.
Consultancy Accenture says the problem often lies with outdated approaches to enterprise IT: “Business units that go off on their own with a cloud solution are not trying to be subversive; they just don’t want to wait. Companies are bumping up against the issue of IT departments that were designed for an earlier era of computing, an era based on long waits before requests were finally implemented. In many cases, IT departments simply are not structured for the speed of business today.”
IT departments do, however, have the vital experience and expertise that can solve this problem. By combining the benefits of BYOS within a new framework that reflects the needs of the wider enterprise community.
Shared benefits
Invention is born of necessity. The use of shadow IT implies that what’s on offer at work isn’t meeting the needs of sections of the workforce. These are very often people at the sharp end of delivering value to the customer and so observing these needs can reveal important insights and help shape a company’s strategy. Trying to enforce such shadow activities out of existence will only push them further into the shadows.
The challenge — and opportunity — for companies is to harness the potential for smarter working that shadow IT offers while having a robust solution for the risk shadow data presents.
This requires new ways of thinking and new categories of tools, that can link disparate shadow data for both compliance and for productivity. These aren’t conflicting requirements, but rather two sides of the same coin.
This will become the core responsibility of IT; to provide a new layer of data connectivity, of the type never seen before.
This comes down to achieving what Blink stands for — modern, agile workplace technology but built for the demands of the enterprise. Blink is working to solve these problems by linking together teams, data and workflow — wherever it lives, in one intelligent app.
Please hit the ‘heart’ button to recommend this post to others.
We’re Blink, and we’re building the intelligent interface to work. Blink connects to your existing applications and applies modern intelligence to cut through the noise, automate tasks and help you accomplish more.
