This morning IBM introduced a new tool called IBM Cloud Security Enforcer, whose purpose as you might guess is helping IT to root out unauthorized cloud apps inside organizations.
The use of cloud apps outside of IT’s purview has sometimes called Shadow IT because the cloud enables users to provision their own tools. This tends to make IT admins a bit crazy, knowing that people are using apps that they know nothing about.
The thinking behind the new tool is that sensitive data could be leaking through these rogue cloud applications, and that the Powers that Be in the enterprise need to get a grip on this, find the ones that people like and block the ones that are the worst security offenders.
IBM is hardly the first to try and solve this. There have been startups like Skyhigh Networks that have been offering a similar type of tool for a number of years. In fact, Gartner has even defined a category around this software called “Cloud Access Security Brokers.” In Gartner’s view the vendors are at various stages of product and financial maturity, and that could be why IBM believes it can enter the market now.
“Other vendor technology in the market today manages just the discovery of which cloud apps employees are using. IBM Cloud Security Enforcer goes well beyond just discovery — it actually gives employees a path for using the third-party cloud apps they want as it centrally manages access via secure log-in credentials,” Caleb Barlow, Vice President, IBM Security told TechCrunch.
The fact is employees would tell you, it isn’t about sticking it to the man when it comes to using personal cloud applications. They just want to get their work done. Barlow acknowledges that Shadow IT can be a huge benefit to organizations, helping employee to find ways to do their jobs more efficiently.
“However, to do it right, we need to make sure that companies and their workforces are connecting to these tools and using them safely and securely – which is why we’re addressing this problem and why we chose to dedicate our engineers and teams to solving it,” he said.
For a long time, IT was about saying “no” to employees, and forcing them to use clunky software. When the cloud came along, employees realized they had the power to get the tools they wanted themselves. Barlow says this tool won’t be reintroducing “no,” but will instead be empowering both sides of the equation with the information they need.
“From what we’ve seen in our research and in real-life scenarios, employees continue to use outside cloud and mobile apps to help them do their jobs, and will only continue to increase as technology advances and demographics shift. Companies need to embrace these changes, and Cloud Security Enforcer will help make that possible,” Barlow said.
IT has to walk a fine line here. It doesn’t really have the power anymore to block employees from using their own tools. If they shut them down on the company network, they can always use them on their mobile devices. Perhaps tools like this one can help companies and employees find the middle ground where IT gets the security it craves and employees get the simplicity and ease of use from cloud applications.