CloudSOC CASB Gateway

Unfortunately, I haven't seen much of the "responsible" sharing mentioned in the beginning of the article.  Too many end users (employee or not) fly by the seat of their pants and trust the security of the cloud apps to do the "responsible" part for them.  Call it user-education issues.  Too often, it takes a threat to open their eyes.  :-\

Shadow IT has been a concern for years but somehow organizations live with it regardless of being in the cloud. The question again comes of public or private cloud apps. If we are having a corporate Dropbox account, employees will be using private Dropbox too for certain uses and may use it for sharing or keeping a personal copy of corporate data they have worked on.

Security Awareness plays a great role in reducing the use of Shadow IT. As mentioned in the article people are sharing more responsibly, they are more aware of risks, and I have personally seen many of our customers improving greatly over time in their IT habits.
 

These are some interesting numbers that show the need for DLP in the cloud. I know Symantec has a solution that integrates with the Bluecoats, elastica, and DLP. The last DLP user group I attended displayed a demo of the integration and protection capabilities. Also, I think Symantec is still offering the free service of analyzing egress data captures to shine light on cloud solutions. 

La nube no es un secreto ya no es innovacion es parte de nuestro dia a dia, las empresas y usuarios finales utilizan la "nube" constantemente y es resposanbilidad de todos los que trabajamos en seguridad de velar por el buen "uso" o las mejores practicas para resguardar la informacion asi como la fuga. Symantec puede ayudar a esa gestion de perdida de informacion como el uso seguro.

I look at Cloud as short term savings, long term hassle.  That is my personal opinion based on my limited knowledge of cloud.  Henceforth, I am personally not a big fan of it yet but perhaps in future my opinion will change.

My professional opinion from a IT perspective about cloud is it reminds me of an old saying that my mentor use to say, never put all your eggs in one basket.  Let's say my whole environment is now depended on AWS, what happens when AWS goes down?  I have no control over or knowledge of what the backened engineering is, how the DR locations are set up as.  Atleast within the internal data centers of an organization, I have somewhat control of what to do in case of an outage. What layer to start troubleshooting at whereas in cloud, we are completely dependent on expertise of the provider.  I do not know if I have that much trust in the providers yet as they seem to be maturing while using production as a big old test.  I am referring to the recent outages by cloud providers such as Amazon AWS S3 outage. One thing that providers can do to make admins like me more comfortable with cloud is actually provide their incident management workflows to the public.  This doesn't have to include their actual internal data but something visual where during an outage, we know where the troubleshooting efforts are being done.  

With the every changind threat landscape I'm not surprised security has increased, it's hard to stay ahead of the game. Good to see more of a focus on security from these company. As always great article, thanks.

El detalle con la nube es que las empresas deben quitarse la venda de los ojos y darse cuenta que la nuebe no es el futuro es el presente y buscar las herramientas  para adoptarla de manera segura.  Definitviamente este se3gmento apuna hacia el CASB + DLP es la manera de eviatar que los usuarios compartan informacion de manera inadecuada y expongan al negocio!!

interesting article, especially seeing the stats around cloud usage. Seems that companies are finally seeing the importance of security around these services. Hopefully now easy of deployment and access doesn't have to be traded off against security

Cloud-native integration allows DevOps to build security directly into application deployment workflows, while support for Chef and Puppet automates configuration, provisioning, and patching. Access to the Symantec Global Intelligence Network protects workloads against the latest global attacks and vulnerabilities, providing peace of mind for large enterprises and born-in-the-cloud businesses.

Fortunately, there’s a solution to these challenges: cloud-based, enterprise file sync and share (EFSS). Today’s solutions can help would-be collaborators achieve their objectives while still respecting security rules. Working groups can share folders, files and workflows within a well-defined framework. This means business users and analysts can gain greater insight via a more natural flow of information and ideas—even as IT and data security executives achieve enhanced governance.

Individual companies acting on their own behalf face talent constraints—just how many security engineers can any one company afford to employ? By contrast, for cloud providers, security is a core requirement for their service offerings, meaning they will invest whatever is needed to deliver world-class results. I feel the article is moderately placed.

Interesting Article. Cloud has always presented a compelling business case. Not only does it reduce the fixed costs of IT spending, it also introduces potential advantages such as flexibility and scalability. Still, the concern most frequently and vocally expressed is security: how can something enabling so much access and interoperability be secure? 

Interesting stats and I'm not surprised security has increased with the threat landscape these days but for those of us here in Hawaii, going to the cloud isn't usually cost effective.  Also from our past experience, this technology just couldn't cut it where response times were usually less than desirable.  This is the price we pay for living in "paradise".  ;-)

The uptake of cloud in our business has been key to growth and flexible working, the security of these areas is essential to us and our intellectual property. But any risks are far outweighed by the benefits.

Great insight into the use of cloud and what types are being shared, always good to have some stats to backup the info.

It's an interesting topic with many companies leaving the physical and relying on cloud, it's a risk as we saw with the AWS outage.

So it looks like organisations are finally becoming aware of data security.  But those figures are still surprisingly high.  3% of a massive amount is still a lot.  Articles like this are a very good way of getting the message home that you can't be to comfotable about your data, you need to keep on top of it.

Wow some interesting stats there, I'm not suprised that companies underestimate the amount of cloud apps they use. The average usage is interesting too, higher than I would have guessed. Great article thanks symantec

Definately see more and more not just talked could like before, more and more people start to load the data to cloud. however, cooperation is still very cautous to move that direction, it think could is the trend, large cooperation evntually have no choice to move there as their clients will be there.

We are in the middle of migrating from our on-premise Exchange over to Office 365 to save costs while at the same time, looking to expand our user base and so far it's doing good. Generally, the feedback are positive. Staff like the idea of being able to access all of their files while 'on the move' including e-mails.

We are still however researching & 'polishing up' the policy on how to handle confidential data/files that are on the cloud. Currently, most of the files are still stored on our SAN to ensure the data are protected.

Still, exciting times ahead!

Your right with companies more and more adopting the Cloud into their business model it can only lead toards more collaboration.

I really enjoyed the detail inside the 2016 Shadow Report,  i have already shared it with some peers.

Emails , unfortunately, will always be at the top of any risk list,  Its nature allows for much easier social engineering scams thsly will cause a spike in leakages and security risks.

Lots of potential risk here but good to see Symc is on top of it. The cloud is only going to continue to to expand but with the Symc/BC merger and the CASB option, I feel much safer. Had the opportunity to see a demo of it and it's a game changer.

Shadow IT can open up some big holes in a network. It's good that "broadly shared" data is at an all-time low, though! We really need to strat cracking down on all the PHI and PII that's being shared though :(

Great article @Symantec!

I can definitely say that, for my company, we have had more/better security efforts and more additions in collaboration tools.  Cloud wise, we are in the middle of moving just about everything to it, so we are definitely in these numbers as well.  :)

After working at a place that leveraged Office 365 I struggle working at a place that doesn't use the product.  THe cloud and the availablity of the data anywhere on any device is the best reason to move to the cloud.

Protecting that data is what makes things difficult.

No you just need a tool that can discover the "shadow IT" in your enviroment.

I wouldn't say that I find this surprising. It is becoming increasingly cheaper for companies to migrate their services or infrastructure on the cloud. We can definitely expect rise in sensitive data being hosted on the cloud. As long as symantec can come up with a tool that will Alert companies of their sensitive data getting on the cloud we should be good.

Businesses are generally using many more cloud applications than what is typically assumed by IT professionals. It's good to see a general trend of improvement in how files are shared and best practices around security. However this is difficult as access to cloud services isn't alwayse something that can be stopped or controlled.

Hello,

Thank you Deena for the full 2H 2016 Shadow Data Report.

Improving cloud cost management provides a significant opportunity for savings, since few companies are taking critical actions to optimize cloud costs, such as shutting down unused workloads or selecting lower-cost cloud or regions. The most common optimization action is monitoring utilization and rightsizing instances (45 percent of enterprises and SMBs). 36 percent of SMBs are purchasing AWS Reserved Instances (RIs) to save money, but only 21 percent are tracking purchased RIs to make sure that they are being fully utilized. When purchased RIs are not fully used, the savings decline, and the RI can even end up costing more than on-demand instances.

Spiceworks’ recent 2016 cloud services report found that 93% of organizations have at least one cloud app. And for most companies, hosting was a natural fit for the cloud. The top two cloud-based services used were web hosting (76%) and email hosting (56%) with an additional 5% and 13% respectively expected to use it in the coming year.

With Office 365, Salesforce, Box, Google Apps, SAP's Concur and Amazon Web Services are the most popular Cloud apps being used today at work.

Naturally, we are seeing the entire work load moving towards the Cloud.

Regards,

It's good to see a general trend of improvement in how, and what, files are being shared. It's also definitely true about shadow IT, speaking from experience. Unfortunately, for a number of reasons, access to these services is not always something that can be controlled and their ease of use (not a complaint) makes this an ever growing issue.

Lots of business are moving to the cloud, essentially outsourcing services. It's only logical that the security of this data is taken seriously. Interesting to read that in the second half of 2016, on average customers were sharing 25% of all files in cloud!

An interesting article, thanks. Cloud storage is a hot topic these days with the use of 365, Google apps and a host (pun intended) of other services. Only logical that security forms part of any deployment.