Cloud services are something every company is adopting to enhance its productivity through proper data management and sharing. But not everyone is yet aware of the perils of migrating to these cloud services. The most talked-about subject in cloud usage is enterprise data security and data breaches. Data breaches can happen anywhere and at any time, so companies need to be constantly vigilant and cautious about the confidential data that is stored in the cloud, as well as the on-premises data that is transferred to the cloud.
Sanctioned applications are the ones that serve the company's security policies: any employee can use or download them on-premises over the company's network connections, and the IT staff know about them.
BYOD (Bring-Your-Own-Device) work culture is on the rise in organizations. Workplace flexibility allows employees to work from home on their own networks. This leads to the use of unsanctioned apps, which are used without the IT staff knowing about them, and that raises the risk of data breaches.
As per a survey by an identity management vendor:
The following scenario explains the concept of anchor tenants and the subsequent intrusion of unsanctioned apps into your company's network. Your organization has adopted a popular cloud app like Salesforce. Your IT department manages the deployment and the security concerns related to this app. When the lines of business start using it, they find ways to get more value by integrating the main Salesforce app with other third-party services like Zendesk, Marketo, etc. This anchor tenant arrangement is fully supported by Salesforce because it is in their business interest. But has your IT department given permission for other third-party services to be integrated with Salesforce? When employees, or enterprises for that matter, sanction an anchor tenant app, dozens of apps that integrate with the main app enter your office systems, many of which you are not even aware of. These unknown apps share your data back and forth with the sanctioned apps. This poses a huge risk of data exposure and puts the company at risk.
Sanctioned apps can be protected and secured by implementing effective cloud security DLP solutions such as a CASB. These offer security for email clients and office apps like Microsoft Office 365, Google Suite, Dropbox, Salesforce, Azure, etc. Tokenization, data governance with integrated access controls, and DLP integration are some of the features such a solution needs in order to secure the sanctioned apps. DLP solutions also offer monitoring and automated remediation of risky data exposure, along with automated, custom data classification profiling and sensitive data identification, thus securing the data held in sanctioned apps. While organizations put a lot of emphasis on sanctioned apps, they should be paying more attention to the apps that share data with those apps, and thus prevent Shadow IT. These are the unsanctioned apps, like those in the anchor tenant scenario.
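To make the anchor tenant scenario concrete, the following Python example (added here, not from the original article or from any vendor's product) audits an inventory of third-party integrations attached to sanctioned apps and ranks the ones IT never approved. The CSV columns, scope names, scope weights, and the apps named Example* are constructed assumptions, not a real export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: connected-app grants exported from sanctioned (anchor) apps.
# Column names and scope labels are assumptions, not any vendor's export format.
GRANTS_CSV = """anchor_app,connected_app,scopes,user
Salesforce,Zendesk,read;write,alice
Salesforce,Marketo,read,bob
Salesforce,ExampleSyncTool,read;write;export,carol
Salesforce,ExampleSyncTool,read;write;export,dave
Dropbox,ExamplePdfMerge,read,erin
"""
# Integrations IT has reviewed and approved, keyed by anchor app (constructed).
SANCTIONED = {"Salesforce": {"Zendesk"}, "Dropbox": set()}
# Relative weight of each scope for data-exposure ranking (assumed values).
SCOPE_WEIGHT = {"read": 1, "write": 2, "export": 3}


def find_unsanctioned(grants_csv, sanctioned):
    """Return unsanctioned integrations per anchor app, riskiest first."""
    seen = defaultdict(lambda: {"users": set(), "scopes": set()})
    for row in csv.DictReader(io.StringIO(grants_csv)):
        anchor, app = row["anchor_app"].strip(), row["connected_app"].strip()
        # An anchor app missing from the allowlist has no approved integrations.
        if app in sanctioned.get(anchor, set()):
            continue
        entry = seen[(anchor, app)]
        entry["users"].add(row["user"].strip())
        entry["scopes"].update(s for s in row["scopes"].split(";") if s)
    findings = []
    for (anchor, app), entry in seen.items():
        # Unknown scopes get the highest weight so they are never under-ranked.
        weight = sum(SCOPE_WEIGHT.get(s, 3) for s in entry["scopes"])
        findings.append({"anchor_app": anchor, "connected_app": app,
                         "scopes": sorted(entry["scopes"]),
                         "users": sorted(entry["users"]),
                         "risk": weight * len(entry["users"])})
    return sorted(findings, key=lambda f: (-f["risk"], f["anchor_app"],
                                           f["connected_app"]))


if __name__ == "__main__":
    for f in find_unsanctioned(GRANTS_CSV, SANCTIONED):
        print(f"{f['anchor_app']} <- {f['connected_app']} risk={f['risk']} "
              f"scopes={','.join(f['scopes'])} users={','.join(f['users'])}")
```

Run on a schedule against a fresh inventory, a report like this surfaces new integrations as they appear rather than after data has already been shared.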
The facts and statistics on unsanctioned apps and the security breaches that occur through them cannot be taken lightly. As said, data security is possible only when organizations monitor continuously and make sure that there is no intrusion in the form of unsanctioned apps.