To grasp the importance of CASB, it is imperative to know about Shadow IT and the risks associated with it.
What is Shadow IT?
Shadow IT refers to IT Infrastructure, Software and Systems that are used by employees without organization’s approval. These are resources that are typically neither deployed nor managed by the organization’s IT department.
“Gartner predicts that by 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources.”
Cloud Adoption and growth of Shadow IT
The growth of cloud adoption over the past few years has been tremendous, and it is still growing at an unprecedented rate. This inadvertently leads to the growth of Shadow IT at an alarming rate along with its associated security risks. Hence, to protect the critical assets of an organization, it is of utmost importance to be aware of unapproved IT Infrastructure, Software and Systems that are used by employees to store, process and transfer organization’s data.
“The worldwide public cloud services market is forecast to grow 17% in 2020 to total $266.4 billion, up from $227.8 billion in 2019.” Source: Gartner
Factors that contribute to the growth of Cloud Adoption by organizations:
- Cost Efficiency – Pay as you go model of cloud offers flexibility to fluctuating organizational needs and reduces cost when there is no demand for resources.
- Faster deployment – Infrastructure is available within minutes rather than days.
- Scalable – Scale up or scale down the infrastructure resources dynamically as per the current needs of the organization.
- Services on Demand – Services are prebuilt, readily available and can be used as and when required.
- Flexibility – Available anywhere, users can connect to the servers/applications from any location and are not restricted to one location
Due to the above factors, cloud adoption will continue to rise which will lead to the growth of Shadow IT as one of the consequences.
This in turn brings us to this question of “How do we protect resources that are used by employees which aren’t known or governed by the organization?”
Cloud Access Security Broker is gaining popularity in the Cybersecurity space to address the security risks associated with cloud usage. CASB enables organizations with a provision to achieve effective governance by providing visibility on the cloud resources that are used by the employees, and by enforcing security controls on them to protect critical assets of the organization from unauthorized access.