How Shadow IT Is Emerging Into The Light

Contributed article by By Mark Micallef, Area Vice President, ASEAN, Citrix

Windows OS, Apple iOS, Blackberry OS, Android OS, on smartphones, phablets, tablets and most recently smartwatches... the list goes on.

We have all come to recognize that we are in a multi-device, multi-OS modern business world.

However, what we are slower in recognizing is that the same diversity we see in the above list, also applies to our data. As bring your own (BYO) becomes the norm, so does the fragmentation of data. It is prime time we start acknowledging this and consider what it actually means for business.

While it may be tempting to ignore or overlook the plethora of choices available for storing and sharing data, the reality is that people have unprecedented freedom to choose among cheap and convenient cloud storage options. This means we are continually creating and storing documents in multiple repositories, across multiple devices, inside and outside the firewall. This practice is commonplace and the number of document silos only seems to be increasing.

So what does this mean for business? With this wide and varied spectrum of document silos, it is becoming more difficult for organizations to manage critical business information, as well as keep it secure. This raises real privacy concerns, especially when the navigation of existing firewalls and integration with legacy systems and applications remain huge hurdles for businesses in achieving true enterprise mobility.

The combination of BYO, an increasingly mobile workforce, and a growing array of cloud-based services is eroding the traditional perimeter of work – work is no longer a place. More than ever before, mobile access to company data is a critical component to achieve full productivity for mobile workers. The next question is, are we between a rock and a hard place? Just because workers demand a delightful user experience at work or play, does not imply that organizations need to be concerned about secure and seamless access to internal resources.

There are ways to tackle data fragmentation. In fact, providing secure mobile access to data residing behind the company firewall is easier than you may think. It largely involves a harmony of ‘Shadow IT’ policies and collaborative technology and tools. In turn, businesses are armed with more choice and flexibility of where and how user data is accessed and shared – through increased privacy controls and data protection. A file sync and share (EFSS) Software-as-a-Service (SaaS) solution provides the security benefits of an on-premise solution while offloading the costs and headaches of maintaining the user experience as a service.

Eighty-three percent of businesses are concerned about the security of their corporate data as it is increasingly dispersed across their network and outside. Yet, Asia Pacific is lagging in the detection of security incidents as well as in the size of information security budgets. So what can be done to address these concerns?

Here are five top tips for selecting the right technology to protect company data and limit the risks of using Shadow IT:
  • Ensure there is no visibility to files or metadata.
    Having metadata (file and folder names) visible to your service provider is not okay because file names can convey sensitive information. All business data must be encrypted with a key that is under the organization’s full control.
  • No user impersonation.
  • Service providers must not be allowed to access files that belong to their customers. Enterprise single sign-on ought to be made convenient for end-users, but businesses must not forget that it also enables service providers to impersonate the users. That’s like having a one-way domain trust from your enterprise out to the cloud.
  • Ensure you have full control over your encryption service Encryption is almost meaningless when the service provider owns the keys and/or the servers that perform encryption – data must be encrypted with your organization’s key only.
  • User experience has to be consumer-grade.
    File encryption and data protection must not come at the expense of application compatibility or a seamless user experience. If users have to think about encryption keys, certificates or plug-ins across all their devices in order to unlock their files, they will find an easier way out and gravitate towards using a simplified, but less secure service.
  • Data sovereignty is mandatory.
    Service providers can no longer dictate where customer files are stored. To comply with local regulation and protect intellectual property, organizations must have the option to keep their data inside their country, their city, or even behind their firewall.