SlideShare ist ein Scribd-Unternehmen logo

Shining Light on Shadow IT

DivvyCloud
DivvyCloud

Cloud computing has proven revolutionary for organizations hoping to leverage technology, innovation and digital strategies to stay ahead of the competition. Business units can quickly provision up compute, storage and network resources as they need without IT bottlenecks. But easy access to cloud resources has a dark side—one that’s become a growing problem: Shadow IT. Engineers, developers and even business stakeholders are launching resources that IT is unaware of. And what IT doesn’t know can come back to haunt organizations, preventing the IT department from performing critical functions such as controlling security, compliance and costs.

Software
1 von 12
Bringing Cloud Computing Out of the Shadows Shine the light on Shadow IT with active policy enforcement and cloud automation Terms and Conditions Copyright © 2016 DivvyCloud. All Rights Reserved DivvyCloud
Executive Summary Cloud computing has proven revolutionary for organizations hoping to leverage technology, innovation and digital strategies to stay ahead of the competition. Business units can quickly provision up compute, storage and network resources as they need without IT bottlenecks. But easy access to cloud resources has a dark side—one that’s become a growing problem: Shadow IT. Engineers, developers and even business stakeholders are launching resources that IT is unaware of. And what IT doesn’t know can come back to haunt organizations, preventing the IT department from performing critical functions such as controlling security, compliance and costs. Fortunately, solutions are available to mitigate the risks posed by Shadow IT, especially at production scale. The cloud automation platform developed by DivvyCloud provides comprehensive, real-time visibility of virtual resources and allows enterpriseS to set and automatically enforce policies regarding cloud provisioning and ongoing operations. This white paper details the challenges Shadow IT poses for organizations and how DivvyCloud enables those organizations to effectively mitigate security, compliance and cost risks. DivvyCloud EDITOR Peter Scott WRITER Cheryl Goldberg CONTACT 1400 Key Blvd, Level A, Suite #6 Arlington, VA, 22209, USA, +1 (571) 290-5077 info@divvycloud.com Terms and Conditions Copyright © 2016 DivvyCloud. All Rights Reserved DISCLAIMER: This white paper is for informational purposes only and is provided“as is”with no war- ranties whatsoever including any warranty of merchantability, fitness for any particular purpose, or any warranty otherwise arising out of any proposal, specification, or sample. No license, express or implied, to any intellectual property rights is granted or intended hereby. Product or company names mentioned herein may be the trademarks of their respective owners. 2 Shine the light on Shadow IT with active policy enforcement and cloud automation BRINGING CLOUD COMPUTING OUT OF THE SHADOWS
IN JULY OF 2015, THE ARMY NATIONAL GUARD EXPERIENCED A TREMENDOUS DATA BREACH. SOCIAL SECURITY NUMBERS, HOME ADDRESSES, AND OTHER PERSONAL INFORMATION FOR APPROXIMATELY 850,000 CURRENT AND FORMER NATIONAL GUARD MEMBERS WERE EXPOSED. BUT THE CAUSE WASN’T WHAT ONE MIGHT THINK. IT WASN'T AN ATTACK FROM MALICIOUS HACKERS; THE BREACH RESULTED FROM AN IMPROPERLY HANDLED DATA TRANSFER TO A NON-ACCREDITED DATA CENTER AS PART OF A BUDGET ANALYSIS CONDUCTED BY A CONTRACT EMPLOYEE. In other words, the Army National Guard’s data breach was one example of what can happen as a result of “Shadow IT” -- the acquisition of technology by a department or team without the approval guidance or support of IT. In the typical scenario, Shadow IT comes about when a business unit or department becomes frustrated with IT’s inability to deliver what they need when they need it. With business units under increasing pressure to launch new initiatives under tight deadlines in order to win, serve and retain customers, they go off and spin up cloud- based resources on their own, often without informing IT. Cloud service providers, such as Amazon Web Services (AWS), Google and Microsoft facilitate this behavior by making it simple to access IT infrastructure ondemand. No longer must end users go to IT, contend with red tape and wait while IT orders a new server, physically installs it, connects it to a router and so on. Instead, users simply employ a software-defined infrastructure, click a button, and voila, they now have new compute resources. These resources are paid for using corporate credit cards or, more often, by accessing an existing AWS or other corporate cloud accounts associated with a master contract and charging back costs. ENTERPRISE IT IS LEFT HOLDING THE BAG While cloud consumers are pleased with the rapid access to services, IT departments remain responsible for knowing where data is located and ensuring that it remains The Growing Problem of Shadow IT 3 BRINGING CLOUD COMPUTING OUT OF THE SHADOWS
protected. Yet this type of Shadow IT in the cloud makes it very difficult for on IT department to fulfill its responsibilities because it is often unaware of the resources others in the organization have procured. These resources after often complex to sort out. Companies often find themselves with multiple accounts from numerous cloud service providers (CSPs) for multiple business units. Large numbers of resources can be acquired and distributed across cloud accounts and environments; it’s not uncommon to see hundreds of instances or thousands of snapshots, along with associated storage volumes, networks, subnets and security groups. Organizations may even find themselves with growing numbers of services from a given vendor. For example AWS continues to introduce new services such as their Relational Database Service (RDS), ElastiCache, and Elastic Container Service (ECS). Business and technical users that procure new services and haven’t had prior experience managing infrastructure, may not understand what they should and shouldn’t do in terms of configuration. They often understand how to properly configure security settings or how much capacity/memory to allocate. They may be ignorant of corporate IT rules, choose to ignore the rules or might just not think about them. To make matters worse, even if IT were to have a handle on all these resources, the environment continually changes over its lifecycle. Users or the cloud platform itself may open a security rule, back up data to an unapproved region or add excessive compute power, racking up the monthly bill. • A recent survey of 200 global CIOs by Brocade found that 83 percent of enterprises experienced unauthorized provisioning of cloud services. Nearly 72 percent of executives don’t know how many Shadow IT applications are being used in their organization.1 • By 2018, Shadow IT will contribute up to 30% of IT activities, up from 15 percent in 20142, according to Gartner. • A Cisco report found that the number of unauthorized cloud apps used by enterprises was approximately times higher than CIOs predicted. While CIOs reported an average of 51 cloud services running in their organizations, Cisco found that the actual number was closer to 730.3 1 - “CIOs keep trying to defy cloud gravity” by Matt Asay, TechRepublic http://www.techrepublic.com/article/cios-keep-trying-to-defy-cloud-gravity/ 2 - “Gartner Predicts” by Gartner Group, 2016 http://www.gartner.com/binaries/content/assets/events/keywords/infrastructure-operations-management/iome5/ gartner-predicts-for-it-infrastructure-and-operations.pdf 3 - “Do You Know the Way to Ballylickey? Shadow IT and the CIO Dilemma” By Nick Earle, Cisco http://blogs.cisco.com/cloud/shadow-it-and-the-cio-dilemma 4 Shine the light on Shadow IT with active policy enforcement and cloud automation BRINGING CLOUD COMPUTING OUT OF THE SHADOWS
SECURITY RISKS Security risks are the biggest concern for most organizations. Just seven percent of cloud services meet enterprise requirements for security, according to a recent report by Skyhigh Networks.4 Nearly half of the respondents to a Cloud Security Alliance survey claimed that the security of corporate data was their chief concern with regards to Shadow IT.5 Shadow IT can cause security risks in many ways. These include: • Opening a back door into enterprise data. People provisioning instances may not protect them with the appropriate firewall settings. Because some cloud accounts connect directly to the organization's systems, they unknowingly open a back door to those systems. In this case, malicious users can get in and access the organization’s sensitive data. • Enabling DDoS attacks from the company’s domain. When people provision instances without firewall protection, an attacker can break into the unprotected instance, turn the server into a bot and use that bot as part of a bot network performing distributed denial of service (DDoS) attacks. And since they originate from comapny's resources, these attacks can harm the company’s reputation. • Circumventing security policies. An employee might open an unauthorized network port on a firewall so he or she can work on company projects from a remote location— such ascoffee shop, home or airport, and then neglect to close the access point, creating a backdoor that malicious intruders can enter. Shadow Cloud Risks Lack of visibility and control over shadow cloud resources leads to numerous security, compliance and cost risks for organizations. 4 - “Cloud Adoption and Risk Report Q2 2015” by Skyhigh Networks http://info.skyhighnetworks.com/WP-CARR-Q2-2015_Download_White.html?Source=website&LSourc e=website 5 -“Cloud Adoption Practices & Priorities Survey Report” by CSA Security Alliance, January 2015 https://downloads.cloud- securityalliance.org/initiatives/surveys/capp/Cloud_Adoption_Practices_Priorities_Survey_Final.pdf 5 BRINGING CLOUD COMPUTING OUT OF THE SHADOWS
• Inadequately restricting permissions. Employees might use cloud services such AWS S3 Buckets for storing files. Although they can apply permissions, 40 percent of Fortune 500 companies have accounts that are too permissive and consequently leak company data. Shadow IT removes IT’s ability to protect and monitor that data. • Incorrectly implementing policies. When an organization creates user accounts that can access cloud services, IT may want to employ two-factor authentication, such as a Smartphone and a pin or fingerprint, to validate that the user is who they say they are. With Shadow IT, this policy may not be enforced. COMPLIANCE Another pressing issue for organizations with regards to Shadow IT is compliance. A CSA survey found that 25 percent of respondents said compliance is their second biggest concern.6 When cloud-based applications are procured without the knowledge or approval of IT, the organization loses its ability to address both regulatory and corporate compliance issues. Regulatory compliance. Regulations often demand that organizations implement specified controls and document their usage. However, a CSP (Cloud Service Provider) may not apply identity management, access control, backup or other practices required by various regulations to protect data, potentially exposing it to unauthorized access and compliance violations. For example, SOX requires internal controls for ensuring accuracy and integrity of data in financial reports by requiring that information be verifiable and traceable. When data is handled by systems procured via Shadow IT, those systems are not necessarily subject to these security controls or audit capabilities. Even if the resources implement required controls, they may violate the compliance- related documentation requirements. Corporate compliance issues. Shadow cloud instances may not adhere to corporate guidelines. For example, one organization had a policy that required users to run cloud resources only in the East Coast region of AWS. Because Amazon doesn’t display all of a company’s resources in one view, if someone spins up resources on the West Coast or in Japan, IT may not realize that resources exist in those unauthorized regions. 6 - Cloud Adoption Practices & Priorities Survey Report” by CSA Security Alliance, January 2015 https://downloads.cloud- securityalliance.org/initiatives/surveys/capp/Cloud_Adoption_Practices_Priorities_Survey_Final.pdf 6 Shine the light on Shadow IT with active policy enforcement and cloud automation BRINGING CLOUD COMPUTING OUT OF THE SHADOWS
COST Uncontrolled costs are another huge issue for companies with Shadow IT. Gartner client inquiries showed that it is not uncommon for public cloud service bills be 2X to 3X higher than expected.7 Typical cost risks encountered with shadow IT include: • An inability to gauge actual costs. Cloud providers won’t go out of their way to show what their services really cost. They’ll claim the service only costs 38 cents per hour but won’t state the cost of running the resource 24x7x365. Users selecting services can easily make uninformed decisions with regards to ongoing or extended service costs. • Excessive usage fees. When an unprotected service is compromised and then used to launch a DDoS attack, costs skyrocket. Public clouds charge based on usage when data is transferred off the network. If malware on a compromised service is engaging in a DDoS attack and initiates massive amounts of traffic from an account, the account owner can be on the hook for thousands of dollars. Since IT may not know that the resources exist, this traffic and the associated charges can continue unchecked for long periods of time. • Duplicate services. Costs can spiral as businesses unknowingly purchase duplicate services. • Over-Provisioned resources. Users may over-provision because they want to make sure they have enough horsepower. After all, why would anyone want a Hyundai when they can have a Ferrari at the click of a button? Gartner found that many clients have asset utilization of just 10 percent to 20 percent suggesting there is significant room for optimization in usage and cost.8 WHAT'S A NEEDED IN A SOLUTION End users understand that IT needs to sanction cloud resources... after all no one wants the hassle or personal liability of having done something wrong. But, they still demand rapid access to cloud services and compute capacity. IT is well aware that it can’t prevent end users from chasing flexible solutions to their business needs or leveraging powerful cloud services from a wide variety of service providers. But IT does need visibility into what services end users provision and the ability to ensure that users adhere to high level policies for usage and security. 7 - Cloud Adoption Practices & Priorities Survey Report” by CSA Security Alliance, January 2015 https://downloads.cloudsecurityalliance.org /initiatives/surveys/capp/Cloud_Adoption_Practices_Priorities_Survey_Final.pdf 8 - “Gartner Report Shows IT Catch 22 and the Need for Cloud Automation” by Ryan Schradin, April 28, 2016, Cloud Sprawl http://www.cloudsprawl.net/gartner-report-shows-it-catch-22-and-the-need-for-cloud-automation/ 7 BRINGING CLOUD COMPUTING OUT OF THE SHADOWS
DivvyCloud provides comprehensive, real-time visibility of virtual resources and allows IT to define and enforce corporate policies regarding cloud provisioning and ongoing operations. The system can automatically discover everything running in public and private clouds and identify noncompliant resources as defined by company policy. DivvyCloud also tracks state changes in real time, conducts policy checks against those changes, and can take steps to automatically “heal” cloud resources back to a compliance state with those policies. This is often known as “self-healing infrastructure.” DivvyCloud is distinguished by the following capabilities: • Cloud agnostic. DivvyCloud can identify and track a broad range of compute, storage, network and advanced resources across a broad range of public and private cloud platforms. It treats all servers the same according to company policy, whether they’re Amazon Web Services, Microsoft Azure, Google Compute Platform, VMware or Openstack deployments. • Provisioning agnostic. Cloud resources can be provisioned via any provisioning method, whether through cloud provider portals, an automated provisioning or DevOps tool, DivvyCloud or a traditional CMP (Cloud Management Platform). DivvyCloud provides post-provisioning visibility, policy compliance and optimization. • Automated actions. Many tools monitor and notify administrators but don't take any action to address compliance issues. Once DivvyCloud detects an issue, it can take action to automatically apply the appropriate policy on the fly. DivvyCloud enables full resource lifecycle controls across clouds. • Extensible platform. Many software products require administrators to conform to their unique way of doing things. DivvyCloud provides an extensible platform that can be tailored using plugins and addons. This allows organizations to design automated policies and integrations that meet their unique business requirements, without being limited by DivvyCloud conventions. Addressing Shadow Cloud with DivvyCloud 8 Shine the light on Shadow IT with active policy enforcement and cloud automation BRINGING CLOUD COMPUTING OUT OF THE SHADOWS
• Community policy bots. Customers can take advantage of a growing body of prebuilt policy automation bots. Common policy automation bots ship with the core software, including scheduled instances, cloud region control, and instance type control. Additional from DivvyCloud, customers or individual technologists are available on DivvyCloud’s Bot Repository. • Contextual understanding of cloud resources. Simplistic monitoring solutions that enable IT to set narrowly defined thresholds for notifications are not robust enough for the complex, organic and interdependent nature of cloud computing. DivvyCloud understands the operational interdependencies between compute, storage, network and security services. Policies and automatic remediation can be implemented based on multiple, interdependent actions within the cloud infrastructure. • Retroactive policy compliance. Many tools establish policies when the infrastructure is provisioned. But if policies need to be changed, the organization must tear down the system, change the configuration and relaunch. With DivvyCloud, when a policy is altered, DivvyCloud scans the network, finds resources that have become noncompliant, and automatically brings the environment back into compliance. DivvyCloud also discovers environments not created through a central provisioning tool and can apply policies to those environments. BENEFITS With DivvyCloud, organizations can address key security, compliance and cost concerns that they’re likely to encounter with Shadow IT. Improve security DivvyCloud is able to address potential security breaches and prevents DDoS attacks through its enforcement of enforce security policies. DivvyCloud detects security policy violations as they occur and automatically brings the service into compliance. For example, DivvyCloud can detect and enforce policies preventing "users" from provisioning a server without a firewall, opening a port, employing an account without correct access permissions, or accessing a service without two-factor authentication. DivvyCloud can even track SSL certificate expirations and ensure that all SSL certificates are signed and not expired. Because DivvyCloud allows organizations to set a baseline above which traffic shouldn’t go, it can stop DDoS attacks in their tracks. If a network is compromised and uses the 9 BRINGING CLOUD COMPUTING OUT OF THE SHADOWS
network to launch a DDoS attack, DivvyCloud will reveal the unusually large amount of outbound traffic, suspend the service and prompt an investigation. Enforce compliance Both regulatory and corporate compliance are enhanced with DivvyCloud. Organizations can use Divvycloud to enforce compliance across all cloud environments. Audit trails demonstrate that controls are being followed and provide documentation of remediation steps taken to correct any issues. Control Costs The visibility and policy enforcement DivvyCloud provides also enables organizations to keep a handle on cloud service costs. The platform provides insight into actual service costs to help users make more intelligent decisions regarding what to provision. Organizations can create policies to set guard rails around what class of resources end users can configure. Because it enables organizations to set baselines on outgoing traffic and sends alerts when those are exceeded, DivvyCloud enables organizations to avoid excessive data usage costs in the event of a DDoS event. By providing visibility into resource consumption, DivvyCloud also enables organizations to optimally size their cloud resources. For a Fortune 1000 company with thousands of servers, even a 10 percent cost reduction can translate into millions of dollars in savings. 10 Shine the light on Shadow IT with active policy enforcement and cloud automation10 Shine the light on Shadow IT with active policy enforcement and cloud automation BRINGING CLOUD COMPUTING OUT OF THE SHADOWS
With DivvyCloud, cloud resources provisioned by groups across an organization can now come out from the shadows. Business users retain the flexibility to access the resources they need to compete in a demanding business environment. IT gains the visibility and control necessary to ensure that the IT environment remains secure, compliant and cost effective. For more information visit www.DivvyCloud.com or contact us at info@divvycloud.com. Conclusion 11
DIVVYCLOUD 1400 Key Blvd Level A, Suite #6 Arlington, VA 22209 www.divvycloud.com

Empfohlen

The benefits of cloud technology for remote working
The benefits of cloud technology for remote workingThe benefits of cloud technology for remote working
The benefits of cloud technology for remote workingAbaram Network Solutions
 
o-palerra-ROI-QuantifyCASB-WP
o-palerra-ROI-QuantifyCASB-WPo-palerra-ROI-QuantifyCASB-WP
o-palerra-ROI-QuantifyCASB-WPEric Opp
 
How CIOs should make Cloud investment - InfotechLead
How CIOs should make Cloud investment - InfotechLeadHow CIOs should make Cloud investment - InfotechLead
How CIOs should make Cloud investment - InfotechLeadArup Das
 
Should we fear the cloud?
Should we fear the cloud?Should we fear the cloud?
Should we fear the cloud?Gabe Akisanmi
 
Internet_of_Things_CEO_ magazine
Internet_of_Things_CEO_ magazineInternet_of_Things_CEO_ magazine
Internet_of_Things_CEO_ magazineIngrid Fernandez, PhD
 
VMblog - 2020 IT Predictions from 26 Industry Experts
VMblog - 2020 IT Predictions from 26 Industry ExpertsVMblog - 2020 IT Predictions from 26 Industry Experts
VMblog - 2020 IT Predictions from 26 Industry Expertsvmblog
 
Survivors Guide To The Cloud
Survivors Guide To The CloudSurvivors Guide To The Cloud
Survivors Guide To The CloudEnvision Technology Advisors
 
Survivors guide to the cloud whitepaper
Survivors guide to the cloud whitepaperSurvivors guide to the cloud whitepaper
Survivors guide to the cloud whitepaperOnomi
 

Empfohlen

The benefits of cloud technology for remote working
The benefits of cloud technology for remote workingThe benefits of cloud technology for remote working
The benefits of cloud technology for remote workingAbaram Network Solutions
 
o-palerra-ROI-QuantifyCASB-WP
o-palerra-ROI-QuantifyCASB-WPo-palerra-ROI-QuantifyCASB-WP
o-palerra-ROI-QuantifyCASB-WPEric Opp
 
How CIOs should make Cloud investment - InfotechLead
How CIOs should make Cloud investment - InfotechLeadHow CIOs should make Cloud investment - InfotechLead
How CIOs should make Cloud investment - InfotechLeadArup Das
 
Should we fear the cloud?
Should we fear the cloud?Should we fear the cloud?
Should we fear the cloud?Gabe Akisanmi
 
Internet_of_Things_CEO_ magazine
Internet_of_Things_CEO_ magazineInternet_of_Things_CEO_ magazine
Internet_of_Things_CEO_ magazineIngrid Fernandez, PhD
 
VMblog - 2020 IT Predictions from 26 Industry Experts
VMblog - 2020 IT Predictions from 26 Industry ExpertsVMblog - 2020 IT Predictions from 26 Industry Experts
VMblog - 2020 IT Predictions from 26 Industry Expertsvmblog
 
Survivors Guide To The Cloud
Survivors Guide To The CloudSurvivors Guide To The Cloud
Survivors Guide To The CloudEnvision Technology Advisors
 
Survivors guide to the cloud whitepaper
Survivors guide to the cloud whitepaperSurvivors guide to the cloud whitepaper
Survivors guide to the cloud whitepaperOnomi
 
Identity and Access Management as a Service Gets Boost with SailPoint's Ident...
Identity and Access Management as a Service Gets Boost with SailPoint's Ident...Identity and Access Management as a Service Gets Boost with SailPoint's Ident...
Identity and Access Management as a Service Gets Boost with SailPoint's Ident...Dana Gardner
 
Is your infrastructure holding you back?
Is your infrastructure holding you back?Is your infrastructure holding you back?
Is your infrastructure holding you back?Gabe Akisanmi
 
Microsoft "Nine things we learned about cloud compliance in Latin America"
Microsoft "Nine things we learned about cloud compliance in Latin America"Microsoft "Nine things we learned about cloud compliance in Latin America"
Microsoft "Nine things we learned about cloud compliance in Latin America"Robert Ivanschitz
 
Life in the Digital Workspace
Life in the Digital WorkspaceLife in the Digital Workspace
Life in the Digital WorkspaceCitrix
 
Schoology cloud assignment
Schoology cloud assignmentSchoology cloud assignment
Schoology cloud assignmentVellore Institute of Technology
 
TierPoint_ColocationWhitepaper-Six_Reasons
TierPoint_ColocationWhitepaper-Six_ReasonsTierPoint_ColocationWhitepaper-Six_Reasons
TierPoint_ColocationWhitepaper-Six_ReasonsThe Marketing Survivalist
 
Secure Computing in Enterprise Cloud Environments
Secure Computing in Enterprise Cloud EnvironmentsSecure Computing in Enterprise Cloud Environments
Secure Computing in Enterprise Cloud EnvironmentsShaun Thomas
 
Maa s360 10command_ebook-bangalore
Maa s360 10command_ebook-bangaloreMaa s360 10command_ebook-bangalore
Maa s360 10command_ebook-bangaloreIBM Software India
 
Cloud security and cloud adoption public
Cloud security and cloud adoption publicCloud security and cloud adoption public
Cloud security and cloud adoption publicJohn Mathon
 
How Secure Is Cloud
How Secure Is CloudHow Secure Is Cloud
How Secure Is CloudWilliam Lam
 
Protect Your Workplace e book
Protect Your Workplace e bookProtect Your Workplace e book
Protect Your Workplace e bookPablo Junco
 
SaaS Markets _ In SaaS We Trust
SaaS Markets _ In SaaS We TrustSaaS Markets _ In SaaS We Trust
SaaS Markets _ In SaaS We TrustDeDe McAdoo Schell
 
There's No Such Thing As "Downtime" In a Hospital
There's No Such Thing As "Downtime" In a HospitalThere's No Such Thing As "Downtime" In a Hospital
There's No Such Thing As "Downtime" In a HospitalNETSCOUT
 
Hybrid cloud- driving a business
Hybrid cloud- driving a businessHybrid cloud- driving a business
Hybrid cloud- driving a businessGabe Akisanmi
 
The Digital Disconnect in South Africa
The Digital Disconnect in South AfricaThe Digital Disconnect in South Africa
The Digital Disconnect in South AfricaCitrix
 
Host your Cloud – Netmagic Solutions
Host your Cloud – Netmagic SolutionsHost your Cloud – Netmagic Solutions
Host your Cloud – Netmagic SolutionsNetmagic Solutions Pvt. Ltd.
 
Gartner: Top 10 Strategic Technology Trends 2016
Gartner: Top 10 Strategic Technology Trends 2016Gartner: Top 10 Strategic Technology Trends 2016
Gartner: Top 10 Strategic Technology Trends 2016Den Reymer
 
How Is Your Data Shared? 10 Surprising Stats
How Is Your Data Shared? 10 Surprising StatsHow Is Your Data Shared? 10 Surprising Stats
How Is Your Data Shared? 10 Surprising StatsThe Cloud Communications division of NTT Ltd.
 
Raconteur: Cloud for Business Report
Raconteur: Cloud for Business ReportRaconteur: Cloud for Business Report
Raconteur: Cloud for Business ReportCensornet
 
Myths About Cloud Computing
Myths About Cloud ComputingMyths About Cloud Computing
Myths About Cloud ComputingGo4hosting Web Hosting Provider
 
Global Security Certification for Governments
Global Security Certification for GovernmentsGlobal Security Certification for Governments
Global Security Certification for GovernmentsCloudMask inc.
 
Protect your confidential information while improving services
Protect your confidential information while improving servicesProtect your confidential information while improving services
Protect your confidential information while improving servicesCloudMask inc.
 

Weitere ähnliche Inhalte

Was ist angesagt?

Identity and Access Management as a Service Gets Boost with SailPoint's Ident...
Identity and Access Management as a Service Gets Boost with SailPoint's Ident...Identity and Access Management as a Service Gets Boost with SailPoint's Ident...
Identity and Access Management as a Service Gets Boost with SailPoint's Ident...Dana Gardner
 
Is your infrastructure holding you back?
Is your infrastructure holding you back?Is your infrastructure holding you back?
Is your infrastructure holding you back?Gabe Akisanmi
 
Microsoft "Nine things we learned about cloud compliance in Latin America"
Microsoft "Nine things we learned about cloud compliance in Latin America"Microsoft "Nine things we learned about cloud compliance in Latin America"
Microsoft "Nine things we learned about cloud compliance in Latin America"Robert Ivanschitz
 
Life in the Digital Workspace
Life in the Digital WorkspaceLife in the Digital Workspace
Life in the Digital WorkspaceCitrix
 
Secure Computing in Enterprise Cloud Environments
Secure Computing in Enterprise Cloud EnvironmentsSecure Computing in Enterprise Cloud Environments
Secure Computing in Enterprise Cloud EnvironmentsShaun Thomas
 
Maa s360 10command_ebook-bangalore
Maa s360 10command_ebook-bangaloreMaa s360 10command_ebook-bangalore
Maa s360 10command_ebook-bangaloreIBM Software India
 
Cloud security and cloud adoption public
Cloud security and cloud adoption publicCloud security and cloud adoption public
Cloud security and cloud adoption publicJohn Mathon
 
How Secure Is Cloud
How Secure Is CloudHow Secure Is Cloud
How Secure Is CloudWilliam Lam
 
Protect Your Workplace e book
Protect Your Workplace e bookProtect Your Workplace e book
Protect Your Workplace e bookPablo Junco
 
SaaS Markets _ In SaaS We Trust
SaaS Markets _ In SaaS We TrustSaaS Markets _ In SaaS We Trust
SaaS Markets _ In SaaS We TrustDeDe McAdoo Schell
 
There's No Such Thing As "Downtime" In a Hospital
There's No Such Thing As "Downtime" In a HospitalThere's No Such Thing As "Downtime" In a Hospital
There's No Such Thing As "Downtime" In a HospitalNETSCOUT
 
Hybrid cloud- driving a business
Hybrid cloud- driving a businessHybrid cloud- driving a business
Hybrid cloud- driving a businessGabe Akisanmi
 
The Digital Disconnect in South Africa
The Digital Disconnect in South AfricaThe Digital Disconnect in South Africa
The Digital Disconnect in South AfricaCitrix
 
Gartner: Top 10 Strategic Technology Trends 2016
Gartner: Top 10 Strategic Technology Trends 2016Gartner: Top 10 Strategic Technology Trends 2016
Gartner: Top 10 Strategic Technology Trends 2016Den Reymer
 

Was ist angesagt? (17)

Identity and Access Management as a Service Gets Boost with SailPoint's Ident...
Identity and Access Management as a Service Gets Boost with SailPoint's Ident...Identity and Access Management as a Service Gets Boost with SailPoint's Ident...
Identity and Access Management as a Service Gets Boost with SailPoint's Ident...
 
Is your infrastructure holding you back?
Is your infrastructure holding you back?Is your infrastructure holding you back?
Is your infrastructure holding you back?
 
Microsoft "Nine things we learned about cloud compliance in Latin America"
Microsoft "Nine things we learned about cloud compliance in Latin America"Microsoft "Nine things we learned about cloud compliance in Latin America"
Microsoft "Nine things we learned about cloud compliance in Latin America"
 
Life in the Digital Workspace
Life in the Digital WorkspaceLife in the Digital Workspace
Life in the Digital Workspace
 
Schoology cloud assignment
Schoology cloud assignmentSchoology cloud assignment
Schoology cloud assignment
 
TierPoint_ColocationWhitepaper-Six_Reasons
TierPoint_ColocationWhitepaper-Six_ReasonsTierPoint_ColocationWhitepaper-Six_Reasons
TierPoint_ColocationWhitepaper-Six_Reasons
 
Secure Computing in Enterprise Cloud Environments
Secure Computing in Enterprise Cloud EnvironmentsSecure Computing in Enterprise Cloud Environments
Secure Computing in Enterprise Cloud Environments
 
Maa s360 10command_ebook-bangalore
Maa s360 10command_ebook-bangaloreMaa s360 10command_ebook-bangalore
Maa s360 10command_ebook-bangalore
 
Cloud security and cloud adoption public
Cloud security and cloud adoption publicCloud security and cloud adoption public
Cloud security and cloud adoption public
 
How Secure Is Cloud
How Secure Is CloudHow Secure Is Cloud
How Secure Is Cloud
 
Protect Your Workplace e book
Protect Your Workplace e bookProtect Your Workplace e book
Protect Your Workplace e book
 
SaaS Markets _ In SaaS We Trust
SaaS Markets _ In SaaS We TrustSaaS Markets _ In SaaS We Trust
SaaS Markets _ In SaaS We Trust
 
There's No Such Thing As "Downtime" In a Hospital
There's No Such Thing As "Downtime" In a HospitalThere's No Such Thing As "Downtime" In a Hospital
There's No Such Thing As "Downtime" In a Hospital
 
Hybrid cloud- driving a business
Hybrid cloud- driving a businessHybrid cloud- driving a business
Hybrid cloud- driving a business
 
The Digital Disconnect in South Africa
The Digital Disconnect in South AfricaThe Digital Disconnect in South Africa
The Digital Disconnect in South Africa
 
Host your Cloud – Netmagic Solutions
Host your Cloud – Netmagic SolutionsHost your Cloud – Netmagic Solutions
Host your Cloud – Netmagic Solutions
 
Gartner: Top 10 Strategic Technology Trends 2016
Gartner: Top 10 Strategic Technology Trends 2016Gartner: Top 10 Strategic Technology Trends 2016
Gartner: Top 10 Strategic Technology Trends 2016
 

Ähnlich wie Shining Light on Shadow IT

Raconteur: Cloud for Business Report
Raconteur: Cloud for Business ReportRaconteur: Cloud for Business Report
Raconteur: Cloud for Business ReportCensornet
 
Global Security Certification for Governments
Global Security Certification for GovernmentsGlobal Security Certification for Governments
Global Security Certification for GovernmentsCloudMask inc.
 
Protect your confidential information while improving services
Protect your confidential information while improving servicesProtect your confidential information while improving services
Protect your confidential information while improving servicesCloudMask inc.
 
Welcome to the private cloud - Use openQRM to adopt concepts from the public ...
Welcome to the private cloud - Use openQRM to adopt concepts from the public ...Welcome to the private cloud - Use openQRM to adopt concepts from the public ...
Welcome to the private cloud - Use openQRM to adopt concepts from the public ...openQRM Enterprise GmbH
 
Cloud Computing & Cybersecurity in Industry 4.0
Cloud Computing & Cybersecurity in Industry 4.0Cloud Computing & Cybersecurity in Industry 4.0
Cloud Computing & Cybersecurity in Industry 4.0PT Datacomm Diangraha
 
Jump-Start the Enterprise Journey to the Cloud
Jump-Start the Enterprise Journey to the CloudJump-Start the Enterprise Journey to the Cloud
Jump-Start the Enterprise Journey to the CloudLindaWatson19
 
The Secure Path to Value in the Cloud by Denny Heaberlin
The Secure Path to Value in the Cloud by Denny HeaberlinThe Secure Path to Value in the Cloud by Denny Heaberlin
The Secure Path to Value in the Cloud by Denny HeaberlinCloud Expo
 
Cloud computing Risk management
Cloud computing Risk management Cloud computing Risk management
Cloud computing Risk management Padma Jella
 
The benefits of cloud technology for remote working
The benefits of cloud technology for remote workingThe benefits of cloud technology for remote working
The benefits of cloud technology for remote workingAbaram Network Solutions
 
Cashing in on the public cloud with total confidence
Cashing in on the public cloud with total confidenceCashing in on the public cloud with total confidence
Cashing in on the public cloud with total confidenceCloudMask inc.
 
Cybersecurity in the Cloud: Safer Than You Think
Cybersecurity in the Cloud: Safer Than You ThinkCybersecurity in the Cloud: Safer Than You Think
Cybersecurity in the Cloud: Safer Than You ThinkAppian
 
10 Tips for CIOS Data Security in the Cloud
10 Tips for CIOS Data Security in the Cloud10 Tips for CIOS Data Security in the Cloud
10 Tips for CIOS Data Security in the CloudIron Mountain
 
Cloud service providers in pune
Cloud service providers in puneCloud service providers in pune
Cloud service providers in puneAnshita Dixit
 
Transcending IT Planetary Boundaries: Future of cloud, By Pradeep Gupta, Cha...
Transcending IT Planetary Boundaries: Future of cloud, By Pradeep Gupta, Cha...Transcending IT Planetary Boundaries: Future of cloud, By Pradeep Gupta, Cha...
Transcending IT Planetary Boundaries: Future of cloud, By Pradeep Gupta, Cha...HCL Infosystems
 

Ähnlich wie Shining Light on Shadow IT (20)

How Is Your Data Shared? 10 Surprising Stats
How Is Your Data Shared? 10 Surprising StatsHow Is Your Data Shared? 10 Surprising Stats
How Is Your Data Shared? 10 Surprising Stats
 
Raconteur: Cloud for Business Report
Raconteur: Cloud for Business ReportRaconteur: Cloud for Business Report
Raconteur: Cloud for Business Report
 
Myths About Cloud Computing
Myths About Cloud ComputingMyths About Cloud Computing
Myths About Cloud Computing
 
Global Security Certification for Governments
Global Security Certification for GovernmentsGlobal Security Certification for Governments
Global Security Certification for Governments
 
Protect your confidential information while improving services
Protect your confidential information while improving servicesProtect your confidential information while improving services
Protect your confidential information while improving services
 
Welcome to the private cloud - Use openQRM to adopt concepts from the public ...
Welcome to the private cloud - Use openQRM to adopt concepts from the public ...Welcome to the private cloud - Use openQRM to adopt concepts from the public ...
Welcome to the private cloud - Use openQRM to adopt concepts from the public ...
 
Cloud Computing & Cybersecurity in Industry 4.0
Cloud Computing & Cybersecurity in Industry 4.0Cloud Computing & Cybersecurity in Industry 4.0
Cloud Computing & Cybersecurity in Industry 4.0
 
Facing the Future - Is the cloud right for you?
Facing the Future - Is the cloud right for you?Facing the Future - Is the cloud right for you?
Facing the Future - Is the cloud right for you?
 
Jump-Start the Enterprise Journey to the Cloud
Jump-Start the Enterprise Journey to the CloudJump-Start the Enterprise Journey to the Cloud
Jump-Start the Enterprise Journey to the Cloud
 
The Secure Path to Value in the Cloud by Denny Heaberlin
The Secure Path to Value in the Cloud by Denny HeaberlinThe Secure Path to Value in the Cloud by Denny Heaberlin
The Secure Path to Value in the Cloud by Denny Heaberlin
 
SMACIC_Clean
SMACIC_CleanSMACIC_Clean
SMACIC_Clean
 
Cloud computing Risk management
Cloud computing Risk management Cloud computing Risk management
Cloud computing Risk management
 
The benefits of cloud technology for remote working
The benefits of cloud technology for remote workingThe benefits of cloud technology for remote working
The benefits of cloud technology for remote working
 
Cashing in on the public cloud with total confidence
Cashing in on the public cloud with total confidenceCashing in on the public cloud with total confidence
Cashing in on the public cloud with total confidence
 
bishu pdf1
bishu pdf1bishu pdf1
bishu pdf1
 
Cybersecurity in the Cloud: Safer Than You Think
Cybersecurity in the Cloud: Safer Than You ThinkCybersecurity in the Cloud: Safer Than You Think
Cybersecurity in the Cloud: Safer Than You Think
 
Vps server 3
Vps server 3Vps server 3
Vps server 3
 
10 Tips for CIOS Data Security in the Cloud
10 Tips for CIOS Data Security in the Cloud10 Tips for CIOS Data Security in the Cloud
10 Tips for CIOS Data Security in the Cloud
 
Cloud service providers in pune
Cloud service providers in puneCloud service providers in pune
Cloud service providers in pune
 
Transcending IT Planetary Boundaries: Future of cloud, By Pradeep Gupta, Cha...
Transcending IT Planetary Boundaries: Future of cloud, By Pradeep Gupta, Cha...Transcending IT Planetary Boundaries: Future of cloud, By Pradeep Gupta, Cha...
Transcending IT Planetary Boundaries: Future of cloud, By Pradeep Gupta, Cha...
 

Kürzlich hochgeladen

PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationvaddepallysandeep122
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationBradBedford3
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Mater
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Velvetech LLC
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsSafe Software
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commercemanigoyal112
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfFerryKemperman
 
Software Coding for software engineering
Software Coding for software engineeringSoftware Coding for software engineering
Software Coding for software engineeringssuserb3a23b
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 

Kürzlich hochgeladen (20)

PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentation
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data Streams
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commerce
 
Odoo Development Company in India | Devintelle Consulting Service
Odoo Development Company in India | Devintelle Consulting ServiceOdoo Development Company in India | Devintelle Consulting Service
Odoo Development Company in India | Devintelle Consulting Service
 
2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
Software Coding for software engineering
Software Coding for software engineeringSoftware Coding for software engineering
Software Coding for software engineering
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 

Shining Light on Shadow IT

  • 1. Bringing Cloud Computing Out of the Shadows Shine the light on Shadow IT with active policy enforcement and cloud automation Terms and Conditions Copyright © 2016 DivvyCloud. All Rights Reserved DivvyCloud
  • 2. Executive Summary Cloud computing has proven revolutionary for organizations hoping to leverage technology, innovation and digital strategies to stay ahead of the competition. Business units can quickly provision up compute, storage and network resources as they need without IT bottlenecks. But easy access to cloud resources has a dark side—one that’s become a growing problem: Shadow IT. Engineers, developers and even business stakeholders are launching resources that IT is unaware of. And what IT doesn’t know can come back to haunt organizations, preventing the IT department from performing critical functions such as controlling security, compliance and costs. Fortunately, solutions are available to mitigate the risks posed by Shadow IT, especially at production scale. The cloud automation platform developed by DivvyCloud provides comprehensive, real-time visibility of virtual resources and allows enterpriseS to set and automatically enforce policies regarding cloud provisioning and ongoing operations. This white paper details the challenges Shadow IT poses for organizations and how DivvyCloud enables those organizations to effectively mitigate security, compliance and cost risks. DivvyCloud EDITOR Peter Scott WRITER Cheryl Goldberg CONTACT 1400 Key Blvd, Level A, Suite #6 Arlington, VA, 22209, USA, +1 (571) 290-5077 info@divvycloud.com Terms and Conditions Copyright © 2016 DivvyCloud. All Rights Reserved DISCLAIMER: This white paper is for informational purposes only and is provided“as is”with no war- ranties whatsoever including any warranty of merchantability, fitness for any particular purpose, or any warranty otherwise arising out of any proposal, specification, or sample. No license, express or implied, to any intellectual property rights is granted or intended hereby. Product or company names mentioned herein may be the trademarks of their respective owners. 2 Shine the light on Shadow IT with active policy enforcement and cloud automation BRINGING CLOUD COMPUTING OUT OF THE SHADOWS
  • 3. IN JULY OF 2015, THE ARMY NATIONAL GUARD EXPERIENCED A TREMENDOUS DATA BREACH. SOCIAL SECURITY NUMBERS, HOME ADDRESSES, AND OTHER PERSONAL INFORMATION FOR APPROXIMATELY 850,000 CURRENT AND FORMER NATIONAL GUARD MEMBERS WERE EXPOSED. BUT THE CAUSE WASN’T WHAT ONE MIGHT THINK. IT WASN'T AN ATTACK FROM MALICIOUS HACKERS; THE BREACH RESULTED FROM AN IMPROPERLY HANDLED DATA TRANSFER TO A NON-ACCREDITED DATA CENTER AS PART OF A BUDGET ANALYSIS CONDUCTED BY A CONTRACT EMPLOYEE. In other words, the Army National Guard’s data breach was one example of what can happen as a result of “Shadow IT” -- the acquisition of technology by a department or team without the approval guidance or support of IT. In the typical scenario, Shadow IT comes about when a business unit or department becomes frustrated with IT’s inability to deliver what they need when they need it. With business units under increasing pressure to launch new initiatives under tight deadlines in order to win, serve and retain customers, they go off and spin up cloud- based resources on their own, often without informing IT. Cloud service providers, such as Amazon Web Services (AWS), Google and Microsoft facilitate this behavior by making it simple to access IT infrastructure ondemand. No longer must end users go to IT, contend with red tape and wait while IT orders a new server, physically installs it, connects it to a router and so on. Instead, users simply employ a software-defined infrastructure, click a button, and voila, they now have new compute resources. These resources are paid for using corporate credit cards or, more often, by accessing an existing AWS or other corporate cloud accounts associated with a master contract and charging back costs. ENTERPRISE IT IS LEFT HOLDING THE BAG While cloud consumers are pleased with the rapid access to services, IT departments remain responsible for knowing where data is located and ensuring that it remains The Growing Problem of Shadow IT 3 BRINGING CLOUD COMPUTING OUT OF THE SHADOWS
  • 4. protected. Yet this type of Shadow IT in the cloud makes it very difficult for on IT department to fulfill its responsibilities because it is often unaware of the resources others in the organization have procured. These resources after often complex to sort out. Companies often find themselves with multiple accounts from numerous cloud service providers (CSPs) for multiple business units. Large numbers of resources can be acquired and distributed across cloud accounts and environments; it’s not uncommon to see hundreds of instances or thousands of snapshots, along with associated storage volumes, networks, subnets and security groups. Organizations may even find themselves with growing numbers of services from a given vendor. For example AWS continues to introduce new services such as their Relational Database Service (RDS), ElastiCache, and Elastic Container Service (ECS). Business and technical users that procure new services and haven’t had prior experience managing infrastructure, may not understand what they should and shouldn’t do in terms of configuration. They often understand how to properly configure security settings or how much capacity/memory to allocate. They may be ignorant of corporate IT rules, choose to ignore the rules or might just not think about them. To make matters worse, even if IT were to have a handle on all these resources, the environment continually changes over its lifecycle. Users or the cloud platform itself may open a security rule, back up data to an unapproved region or add excessive compute power, racking up the monthly bill. • A recent survey of 200 global CIOs by Brocade found that 83 percent of enterprises experienced unauthorized provisioning of cloud services. Nearly 72 percent of executives don’t know how many Shadow IT applications are being used in their organization.1 • By 2018, Shadow IT will contribute up to 30% of IT activities, up from 15 percent in 20142, according to Gartner. • A Cisco report found that the number of unauthorized cloud apps used by enterprises was approximately times higher than CIOs predicted. While CIOs reported an average of 51 cloud services running in their organizations, Cisco found that the actual number was closer to 730.3 1 - “CIOs keep trying to defy cloud gravity” by Matt Asay, TechRepublic http://www.techrepublic.com/article/cios-keep-trying-to-defy-cloud-gravity/ 2 - “Gartner Predicts” by Gartner Group, 2016 http://www.gartner.com/binaries/content/assets/events/keywords/infrastructure-operations-management/iome5/ gartner-predicts-for-it-infrastructure-and-operations.pdf 3 - “Do You Know the Way to Ballylickey? Shadow IT and the CIO Dilemma” By Nick Earle, Cisco http://blogs.cisco.com/cloud/shadow-it-and-the-cio-dilemma 4 Shine the light on Shadow IT with active policy enforcement and cloud automation BRINGING CLOUD COMPUTING OUT OF THE SHADOWS
  • 5. SECURITY RISKS Security risks are the biggest concern for most organizations. Just seven percent of cloud services meet enterprise requirements for security, according to a recent report by Skyhigh Networks.4 Nearly half of the respondents to a Cloud Security Alliance survey claimed that the security of corporate data was their chief concern with regards to Shadow IT.5 Shadow IT can cause security risks in many ways. These include: • Opening a back door into enterprise data. People provisioning instances may not protect them with the appropriate firewall settings. Because some cloud accounts connect directly to the organization's systems, they unknowingly open a back door to those systems. In this case, malicious users can get in and access the organization’s sensitive data. • Enabling DDoS attacks from the company’s domain. When people provision instances without firewall protection, an attacker can break into the unprotected instance, turn the server into a bot and use that bot as part of a bot network performing distributed denial of service (DDoS) attacks. And since they originate from comapny's resources, these attacks can harm the company’s reputation. • Circumventing security policies. An employee might open an unauthorized network port on a firewall so he or she can work on company projects from a remote location— such ascoffee shop, home or airport, and then neglect to close the access point, creating a backdoor that malicious intruders can enter. Shadow Cloud Risks Lack of visibility and control over shadow cloud resources leads to numerous security, compliance and cost risks for organizations. 4 - “Cloud Adoption and Risk Report Q2 2015” by Skyhigh Networks http://info.skyhighnetworks.com/WP-CARR-Q2-2015_Download_White.html?Source=website&LSourc e=website 5 -“Cloud Adoption Practices & Priorities Survey Report” by CSA Security Alliance, January 2015 https://downloads.cloud- securityalliance.org/initiatives/surveys/capp/Cloud_Adoption_Practices_Priorities_Survey_Final.pdf 5 BRINGING CLOUD COMPUTING OUT OF THE SHADOWS
  • 6. • Inadequately restricting permissions. Employees might use cloud services such AWS S3 Buckets for storing files. Although they can apply permissions, 40 percent of Fortune 500 companies have accounts that are too permissive and consequently leak company data. Shadow IT removes IT’s ability to protect and monitor that data. • Incorrectly implementing policies. When an organization creates user accounts that can access cloud services, IT may want to employ two-factor authentication, such as a Smartphone and a pin or fingerprint, to validate that the user is who they say they are. With Shadow IT, this policy may not be enforced. COMPLIANCE Another pressing issue for organizations with regards to Shadow IT is compliance. A CSA survey found that 25 percent of respondents said compliance is their second biggest concern.6 When cloud-based applications are procured without the knowledge or approval of IT, the organization loses its ability to address both regulatory and corporate compliance issues. Regulatory compliance. Regulations often demand that organizations implement specified controls and document their usage. However, a CSP (Cloud Service Provider) may not apply identity management, access control, backup or other practices required by various regulations to protect data, potentially exposing it to unauthorized access and compliance violations. For example, SOX requires internal controls for ensuring accuracy and integrity of data in financial reports by requiring that information be verifiable and traceable. When data is handled by systems procured via Shadow IT, those systems are not necessarily subject to these security controls or audit capabilities. Even if the resources implement required controls, they may violate the compliance- related documentation requirements. Corporate compliance issues. Shadow cloud instances may not adhere to corporate guidelines. For example, one organization had a policy that required users to run cloud resources only in the East Coast region of AWS. Because Amazon doesn’t display all of a company’s resources in one view, if someone spins up resources on the West Coast or in Japan, IT may not realize that resources exist in those unauthorized regions. 6 - Cloud Adoption Practices & Priorities Survey Report” by CSA Security Alliance, January 2015 https://downloads.cloud- securityalliance.org/initiatives/surveys/capp/Cloud_Adoption_Practices_Priorities_Survey_Final.pdf 6 Shine the light on Shadow IT with active policy enforcement and cloud automation BRINGING CLOUD COMPUTING OUT OF THE SHADOWS
  • 7. COST Uncontrolled costs are another huge issue for companies with Shadow IT. Gartner client inquiries showed that it is not uncommon for public cloud service bills be 2X to 3X higher than expected.7 Typical cost risks encountered with shadow IT include: • An inability to gauge actual costs. Cloud providers won’t go out of their way to show what their services really cost. They’ll claim the service only costs 38 cents per hour but won’t state the cost of running the resource 24x7x365. Users selecting services can easily make uninformed decisions with regards to ongoing or extended service costs. • Excessive usage fees. When an unprotected service is compromised and then used to launch a DDoS attack, costs skyrocket. Public clouds charge based on usage when data is transferred off the network. If malware on a compromised service is engaging in a DDoS attack and initiates massive amounts of traffic from an account, the account owner can be on the hook for thousands of dollars. Since IT may not know that the resources exist, this traffic and the associated charges can continue unchecked for long periods of time. • Duplicate services. Costs can spiral as businesses unknowingly purchase duplicate services. • Over-Provisioned resources. Users may over-provision because they want to make sure they have enough horsepower. After all, why would anyone want a Hyundai when they can have a Ferrari at the click of a button? Gartner found that many clients have asset utilization of just 10 percent to 20 percent suggesting there is significant room for optimization in usage and cost.8 WHAT'S A NEEDED IN A SOLUTION End users understand that IT needs to sanction cloud resources... after all no one wants the hassle or personal liability of having done something wrong. But, they still demand rapid access to cloud services and compute capacity. IT is well aware that it can’t prevent end users from chasing flexible solutions to their business needs or leveraging powerful cloud services from a wide variety of service providers. But IT does need visibility into what services end users provision and the ability to ensure that users adhere to high level policies for usage and security. 7 - Cloud Adoption Practices & Priorities Survey Report” by CSA Security Alliance, January 2015 https://downloads.cloudsecurityalliance.org /initiatives/surveys/capp/Cloud_Adoption_Practices_Priorities_Survey_Final.pdf 8 - “Gartner Report Shows IT Catch 22 and the Need for Cloud Automation” by Ryan Schradin, April 28, 2016, Cloud Sprawl http://www.cloudsprawl.net/gartner-report-shows-it-catch-22-and-the-need-for-cloud-automation/ 7 BRINGING CLOUD COMPUTING OUT OF THE SHADOWS
  • 8. DivvyCloud provides comprehensive, real-time visibility of virtual resources and allows IT to define and enforce corporate policies regarding cloud provisioning and ongoing operations. The system can automatically discover everything running in public and private clouds and identify noncompliant resources as defined by company policy. DivvyCloud also tracks state changes in real time, conducts policy checks against those changes, and can take steps to automatically “heal” cloud resources back to a compliance state with those policies. This is often known as “self-healing infrastructure.” DivvyCloud is distinguished by the following capabilities: • Cloud agnostic. DivvyCloud can identify and track a broad range of compute, storage, network and advanced resources across a broad range of public and private cloud platforms. It treats all servers the same according to company policy, whether they’re Amazon Web Services, Microsoft Azure, Google Compute Platform, VMware or Openstack deployments. • Provisioning agnostic. Cloud resources can be provisioned via any provisioning method, whether through cloud provider portals, an automated provisioning or DevOps tool, DivvyCloud or a traditional CMP (Cloud Management Platform). DivvyCloud provides post-provisioning visibility, policy compliance and optimization. • Automated actions. Many tools monitor and notify administrators but don't take any action to address compliance issues. Once DivvyCloud detects an issue, it can take action to automatically apply the appropriate policy on the fly. DivvyCloud enables full resource lifecycle controls across clouds. • Extensible platform. Many software products require administrators to conform to their unique way of doing things. DivvyCloud provides an extensible platform that can be tailored using plugins and addons. This allows organizations to design automated policies and integrations that meet their unique business requirements, without being limited by DivvyCloud conventions. Addressing Shadow Cloud with DivvyCloud 8 Shine the light on Shadow IT with active policy enforcement and cloud automation BRINGING CLOUD COMPUTING OUT OF THE SHADOWS
  • 9. • Community policy bots. Customers can take advantage of a growing body of prebuilt policy automation bots. Common policy automation bots ship with the core software, including scheduled instances, cloud region control, and instance type control. Additional from DivvyCloud, customers or individual technologists are available on DivvyCloud’s Bot Repository. • Contextual understanding of cloud resources. Simplistic monitoring solutions that enable IT to set narrowly defined thresholds for notifications are not robust enough for the complex, organic and interdependent nature of cloud computing. DivvyCloud understands the operational interdependencies between compute, storage, network and security services. Policies and automatic remediation can be implemented based on multiple, interdependent actions within the cloud infrastructure. • Retroactive policy compliance. Many tools establish policies when the infrastructure is provisioned. But if policies need to be changed, the organization must tear down the system, change the configuration and relaunch. With DivvyCloud, when a policy is altered, DivvyCloud scans the network, finds resources that have become noncompliant, and automatically brings the environment back into compliance. DivvyCloud also discovers environments not created through a central provisioning tool and can apply policies to those environments. BENEFITS With DivvyCloud, organizations can address key security, compliance and cost concerns that they’re likely to encounter with Shadow IT. Improve security DivvyCloud is able to address potential security breaches and prevents DDoS attacks through its enforcement of enforce security policies. DivvyCloud detects security policy violations as they occur and automatically brings the service into compliance. For example, DivvyCloud can detect and enforce policies preventing "users" from provisioning a server without a firewall, opening a port, employing an account without correct access permissions, or accessing a service without two-factor authentication. DivvyCloud can even track SSL certificate expirations and ensure that all SSL certificates are signed and not expired. Because DivvyCloud allows organizations to set a baseline above which traffic shouldn’t go, it can stop DDoS attacks in their tracks. If a network is compromised and uses the 9 BRINGING CLOUD COMPUTING OUT OF THE SHADOWS
  • 10. network to launch a DDoS attack, DivvyCloud will reveal the unusually large amount of outbound traffic, suspend the service and prompt an investigation. Enforce compliance Both regulatory and corporate compliance are enhanced with DivvyCloud. Organizations can use Divvycloud to enforce compliance across all cloud environments. Audit trails demonstrate that controls are being followed and provide documentation of remediation steps taken to correct any issues. Control Costs The visibility and policy enforcement DivvyCloud provides also enables organizations to keep a handle on cloud service costs. The platform provides insight into actual service costs to help users make more intelligent decisions regarding what to provision. Organizations can create policies to set guard rails around what class of resources end users can configure. Because it enables organizations to set baselines on outgoing traffic and sends alerts when those are exceeded, DivvyCloud enables organizations to avoid excessive data usage costs in the event of a DDoS event. By providing visibility into resource consumption, DivvyCloud also enables organizations to optimally size their cloud resources. For a Fortune 1000 company with thousands of servers, even a 10 percent cost reduction can translate into millions of dollars in savings. 10 Shine the light on Shadow IT with active policy enforcement and cloud automation10 Shine the light on Shadow IT with active policy enforcement and cloud automation BRINGING CLOUD COMPUTING OUT OF THE SHADOWS
  • 11. With DivvyCloud, cloud resources provisioned by groups across an organization can now come out from the shadows. Business users retain the flexibility to access the resources they need to compete in a demanding business environment. IT gains the visibility and control necessary to ensure that the IT environment remains secure, compliant and cost effective. For more information visit www.DivvyCloud.com or contact us at info@divvycloud.com. Conclusion 11
  • 12. DIVVYCLOUD 1400 Key Blvd Level A, Suite #6 Arlington, VA 22209 www.divvycloud.com