"Mitigating Cloud Risks Starts With Full Visibility of Shadow IT"

Netskope and GovLoop conducted a survey to which 230 public sector agency managers and employees responded and provided insight into their understanding of cloud security risks. About 42 percent of the respondents cited good awareness of cloud security risks, while 26 percent cited low or no awareness, and about 32 percent cited somewhere in the middle. Different factors intensify cloud security risks in the public sector. One factor is the ever-changing threat landscape, with state-sponsored cyber actors and other malicious actors continuing to strengthen or develop new attack capabilities. Human error is another factor, with misconfigurations remaining one of the main elements involved in cyber incidents. Another factor is the overreliance on various technology vendors, which are often found to be limited in regard to the capability of their specific tools to prevent sensitive data from being leaked, control risk behavior, and more. Visibility and control are common denominators among these factors that heighten cloud security risks faced by the public sector. One of the biggest visibility gaps is in shadow IT usage. Shadow IT refers to the use of devices, applications, or services without explicit approval from the agency's IT department. Shadow IT has been found to make up as much as 97 percent of all cloud applications used by organizations. Over 50 percent of the survey respondents reported that their organization lacked visibility into the use of shadow IT. A lack of visibility and control leaves agencies open to data loss and other security vulnerabilities. A data-centric approach to cybersecurity is recommended to improve visibility and control of the IT environment, which involves verifying that a user's device is authorized to access the organization's network resources, limiting the resources users can access, and other practices. This article continues to discuss key findings from the survey regarding cloud security risk awareness and organizations' lack of visibility into the use of shadow IT, as well as the need for a data-centric approach to cybersecurity.

NextGov reports "Mitigating Cloud Risks Starts With Full Visibility of Shadow IT"