CASBs: How to Put Guardrails Around Shadow IT
According to the 2021 Gartner CIO Survey, more than 75% of employees expect to have future hybrid work environments, 64% are now able to work from home and 40% currently work from home.[1] Where we work has changed considerably.
As a result, global public cloud services are projected to grow from $387.7 billion in 2021 to $805.5 billion in 2025 for a five-year compound annual growth rate (CAGR) of 21.5%, according to Gartner. And by 2023, 70% of all enterprise workloads will be provided in cloud infrastructure and platform services.
With the pandemic driving more and more workloads to the cloud, the new work paradigm brings some old IT challenges, specifically shadow IT. If you don’t know what you have, you can’t secure it.
So how prevalent is the shadow IT problem…and what can you do about securing what you don’t know?
Shadow IT: An old dog bringing new remote tricks
Using personal email or personal devices — phones, tablets or family computers — for work constitutes shadow IT. These remote endpoints are used throughout an organization, but IT typically doesn’t have direct control over them.
The bigger problem is the sheer number of third-party SaaS applications that are being used out of sight of IT.
According to Microsoft, “80% of employees use non-sanctioned apps that no one has reviewed and may not be compliant with your security and compliance policies. And because your employees can access your resources and apps from outside your corporate network, it’s no longer enough to have rules and policies on your firewalls.”
The ideal scenario, of course, would involve putting the IT team in the role of trusted advisor and helping employees get the apps they need to be productive. But that’s a big ask when requests often require long approval cycles and teams need apps now. The simple fact is that shadow IT apps help people do their jobs.
IT, therefore, must reboot guardrails and governance, not only to gain a view into its environment but also to better mitigate risks.
Enter the cloud access security broker (CASB).
Cloud access security broker defined
Securing shadow IT used to be concerned with where the app is, who’s using it and what data is involved. Now, CASBs essentially wrap a security sleeve around shadow IT. That sleeve includes things like facilitating single sign-on and auditing policies and configurations to make sure that shadow IT resources are in compliance and have the appropriate security. According to Gartner:
“Cloud access security brokers (CASBs) are on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement. Example security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on.”
In essence, a CASB deals with the question of how to secure applications so that the organization is best protected.
There are two ways to implement CASB:
- Agent-based — The CASB gets between the user and the shadow IT/cloud resource. Because it is a proxy for all interaction with that external resource, it acts as a second keyboard, if you will, or a second robotic person, to help enforce policies.
- Agentless — Similar to agent-based, an agentless CASB sometimes uses APIs to monitor, configure, etc. It influences the transaction between users and the cloud resource or shadow IT.
The question is…how do you effectively support your customer — who has probably suffered from significant personnel and expertise losses — and give them the visibility they need to protect their networks?
The ABCs of managing the threat: Simplify the complex
At this juncture, collaboration is critical because we are caught in an asymmetrical battle with bad guys who have massive resources. They are tenacious and will persist in finding any available vulnerability to launch an attack.
Gartner predicts that, through 2025, more than 99% of cloud breaches will be traced back to preventable misconfigurations or end-user mistakes. Gartner goes on to say that “the more complex an enterprise’s cloud infrastructure is, the more challenging it becomes to secure.”
As an aggregator and distributor of security solutions, TD SYNNEX simplifies the complex with engineers who understand how all of these security solutions can work together to improve your customer’s security posture. We can help guide you to the next best play and solution to recommend to your customers using the resources available to them.
[1] “The Top 8 Security and Risk Trends We’re Watching,” Gartner.com, 11/15/2021.