Cloud ShadowIT measures with CASB. Benefits of McAfee MVISION Cloud

ShadowIT measures in the cloud with CASB: actual usage conditions found in the survey and the merits of MVISION Cloud

"ShadowIT" refers to employees freely using IT services that are not managed by the information systems department.

With the spread of cloud services, shadow IT in the cloud has become a serious security risk these days.

Here, we introduce the actual state of ShadowIT in the cloud and a solution using the CASB (Cloud Access Security Broker) McAfee MVISION Cloud (hereafter MVISION Cloud), which is currently attracting attention.

What is the reality of ShadowIT in the cloud?

Nowadays, various cloud services are provided via the Internet. “ShadowIT,” in which employees use cloud services without permission, is rampant, increasing security risks. Here's what ShadowIT in the cloud looks like:

Reality of ShadowIT (1) Data encryption is only 8.1%. Information Leakage from Business-Convenient Sites

Security management of data stored in the cloud varies depending on the service provider, but according to a survey by McAfee *1, encryption of stored data stands at only 8.1%, deletion of data when an account is deleted at 13.3%, and multi-factor authentication at 18.1%. Casual cloud use is high risk.

However, in reality, information leaks occur in unexpected ways when users use free translation sites or file linking sites without being aware that they are using cloud services. Typical examples include:

"When I used a translation site to write an English email, the copyright was shared and the contents of the email were published on the Internet."

"When I used an external cloud storage service, the download URL was leaked to the outside via an advertising site, and the file was leaked."

"When I used external cloud storage to share large amounts of data, it was not encrypted and confidential information was leaked."

"There is no data deletion period, and data continues to remain on the cloud service."

Confidential information can be leaked while easily using sites that are convenient for business.

Reality of ShadowIT (2) Used more than 50 times as much as administrators imagine. Happens in almost every company

ShadowIT in the cloud is used more often than IT departments think. According to a McAfee survey *1, companies believed they were using 37 cloud services on average, whereas the actual figure was 1,935. That is more than 50 times what was imagined.

Macnica provides a free PoC (Proof of Concept) that visualizes the usage status of cloud services for companies considering the introduction of CASB, and almost all companies find unexpected cloud service usage. Some companies were using more than 20 external file sharing services even though they had large-capacity cloud storage set up by their information systems department.

Reality of ShadowIT (3) It is difficult to grasp the actual situation. Insufficient proxy and firewall measures

The reasons why employees use external cloud services include "requests from business partners," "high speed because HTTP communication can be used," and "no registration required and easy to use." There are a wide variety of services that are used, and it is difficult to grasp all usage conditions. It would be practically impossible to judge the safety of each service one by one.

Many companies use proxy servers and firewalls to restrict access, but setting only the top-level domain is not sufficient. Also, the risks of the cloud services included in the business-permitted category of URL filtering are not known. There are cases where access that should be restricted is allowed.

Solved with CASB. What are the 3 steps for ShadowIT countermeasures in the cloud?

So, what kind of measures are necessary for ShadowIT in the cloud? The key is to follow these 3 steps:

<Three Steps for Cloud ShadowIT Countermeasures>

  1. Usage visualization
  2. Formulation of usage policy
  3. Steady operation


CASB (Cloud Access Security Broker) is a solution that enables these without difficulty and strengthens cloud security. Using McAfee's CASB "MVISION Cloud" as an example, we will introduce ShadowIT countermeasures using CASB.

Step (1) Easy installation of MVISION Cloud. Visualize cloud usage

First, analyze the communication logs of proxy servers and firewalls with CASB to visualize the status of access to cloud services. You can check which user is accessing which service and to what extent, along with the details of the service and whether or not there is a risk, on the list screen.

Many CASBs require installing an agent on the terminal or changing the proxy server at the time of installation. MVISION Cloud can be installed without such modification.

Step (2) Formulate your own usage policy by referring to the 29,000 CSA-compliant risk indicators

Next, develop your company's cloud usage policy. However, it is difficult to judge the risks and safety of many cloud services individually.

MVISION Cloud evaluates the reliability of approximately 29,000 cloud services in Japan and overseas and provides the results as a reference index. Based on the guidelines of the Cloud Security Alliance (CSA), a non-profit organization that works to ensure cloud security, risks are quantified on a 9-level scale using approximately 50 evaluation items such as "data encryption" and "multi-factor authentication." Registered services are also re-evaluated semi-annually. Because the data is abundant and updates are reflected quickly, many companies want to introduce the risk indicators alone.

Referring to these indicators makes it easier to formulate your own cloud usage policy.

Step (3) Establish smooth operations through automatic integration with representative alliance products

Use the monthly reports and other output of the CASB to check cloud usage on a regular basis. Compare it against your company's standards and, if necessary, alert users and suspend the service. With MVISION Cloud, it is also possible to automatically stop the use of services by linking with typical server and firewall products.

Using CASB to continuously implement the series of processes from (1) to (3) and establish operations is the key to cloud ShadowIT countermeasures. McAfee's "MVISION Cloud" is easy to install and operate, and highly reliable, making it an ideal ShadowIT countermeasure.
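
The three steps above, sketched as an added example (this is not MVISION Cloud's code or API): it aggregates a constructed proxy log per user and service, matching hosts against a service catalogue rather than the top-level domain alone, then applies a usage policy. The log format, the catalogue, the risk scores (assumed 1 to 9, with 9 the riskiest) and the threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed proxy log (assumed format: time user method host bytes_sent)
SAMPLE_LOG = """\
2024-05-01T09:00:01 alice CONNECT files.corp-storage.example 120000
2024-05-01T09:02:10 alice CONNECT upload.freeshare.example 5200000
2024-05-01T09:05:44 bob CONNECT api.quicktranslate.example 18000
2024-05-01T09:07:02 bob CONNECT upload.freeshare.example 900000
2024-05-01T09:09:30 carol CONNECT cdn.unknown-tool.example 4000
truncated line
"""
# Hypothetical catalogue: domain -> (service, risk 1-9 with 9 worst, sanctioned)
CATALOGUE = {
    "corp-storage.example": ("CorpStorage", 2, True),
    "freeshare.example": ("FreeShare", 8, False),
    "quicktranslate.example": ("QuickTranslate", 6, False),
}
RISK_THRESHOLD = 7  # assumed company policy, not a product default

def lookup(host):
    """Match on the longest catalogued domain suffix, never on the TLD alone."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        if (entry := CATALOGUE.get(".".join(labels[i:]))):
            return entry
    return (host, None, False)  # uncatalogued: risk unknown

def visualize(log_text):
    """Step 1: requests and bytes per (user, service)."""
    usage = defaultdict(lambda: {"requests": 0, "bytes": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip malformed lines
        row = usage[(parts[1], lookup(parts[3]))]
        row["requests"] += 1
        row["bytes"] += int(parts[4])
    return dict(usage)

def apply_policy(usage):
    """Steps 2-3: one action per service, with the users to notify."""
    decisions = {}
    for (user, (service, risk, sanctioned)) in usage:
        action = ("allow" if sanctioned else "review" if risk is None
                  else "suspend" if risk >= RISK_THRESHOLD else "alert")
        decisions.setdefault(service, (action, set()))[1].add(user)
    return decisions

if __name__ == "__main__":
    print(apply_policy(visualize(SAMPLE_LOG)))
```

Services missing from the catalogue come back as "review" rather than "allow", so unknown usage surfaces instead of passing silently.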

*1 Source: McAfee Cloud Adoption & Risk Report 2019

*Information at the time of interview.
