carloscastilla - Fotolia
Traditionally, data loss occurred because of accidental deletion of data, or users copying data to USB flash drives or hard drives. But cloud data loss is now impacting the data center due to shadow IT -- the unauthorized use by members within an organization of cloud services. It presents a unique challenge; the service is clearly something that users want, so IT needs to provide a controlled version.
The most common shadow IT services that contribute to cloud data loss are cloud-based file sync and share, cloud backup and public cloud-based email. These services are typically used to sync and protect data across their various devices or to provide more convenient access to email. While the use of these services may be legitimate and not intended to be harmful to the organization, it can also lead to data loss.
For example, a file sync-and-share product that uses the public cloud is very easy to sign up for to share data across devices and between users. The problem is that sharing occurs without the knowledge of IT. Shares can be set up with other organizations that may be competitors. When a user leaves the organization, the sync may be terminated but all the data that was on their devices stays with them.
The first step in cloud data loss prevention with respect to shadow IT is to offer similar services to users but use solutions that have IT operational controls. The end-user interface needs to be as good as the commercially available programs. At the same time, IT control needs to provide capabilities like notification of external sharing, blocking of certain types of sharing and remote wipe.
The second step is to implement a reporting system that will continuously scan the environment to look for unauthorized use of cloud services. This reporting is essential because it is difficult to block non-supported devices arbitrarily. There may be legitimate use cases, and cloud services appear so quickly it is almost impossible to block them all. Reporting alerts the IT professional to the potential breach and then they can take action from there.
Predicting the future of data loss prevention tools
How data governance is evolving in the world of shadow IT
Three steps to dealing with shadow IT risks
Dig Deeper on Data storage management
Related Q&A from George Crump
According to analyst George Crump, you might want to think about going with a non-traditional Hadoop architecture. Continue Reading
Cloud storage doesn't just have to be for backup. According to George Crump, cloud services can make deploying a new application or disaster recovery... Continue Reading
If your IT department has the skills set, OpenStack object or block storage might be a good idea, analyst George Crump said. Continue Reading