Best practices for curbing shadow IT in a VMware cloud

Simon Edward • 15 December 2023

Shadow IT – the use of unauthorised tools and resources – is a security risk for enterprises. Learn how to control it in a VMware cloud.

Shadow IT – the use of unauthorised tools and resources – is a security risk for enterprises. Learn how to control it in a VMware cloud.

 


There's a paradox at the heart of today's cloud-first workplace culture.

 


The vision is one of unification. All workloads, processes, data and apps are migrated safely to the cloud, where they sit in safe, accessible harmony.

 


Then there's the reality. The age of the cloud is also the age of hybrid working. Of bring-your-own-device policies. Of unauthorised accounts and cloud-based software.

 


And, as T.S. Eliot said, between the vision and the reality falls the shadow: the mysterious and frustrating presence of "shadow IT".

 


Shadow IT is a ghost in the machine. The phrase refers to any unknown or unapproved IT in your organisation.

 


It's rarely the product of malice. Most employees bear the IT department no ill will. It's usually an innocent attempt to make life that bit simpler – but because it's unapproved and unvetted, it can pose security risks not just for the employee but for the whole organisation.

 


In this article, we explore the twilight world of shadow IT – and some best practices for curbing it in a VMware cloud. But first: why does it matter?

 


Why is it important to curb shadow IT?

 


There are several reasons why it's important to curb shadow IT in a VMware cloud (or, indeed, any cloud). But they all combine to make one big reason: cyber security.

 


Security, we all know, should never be an afterthought. In a cloud-first world, skimping on security is like having a door without a lock. You might as well invite hackers to sit in on your meetings.

 


It's not just that you might experience a data breach, however. It's also that you could feel the chill in both your reputation and your finances.

 


Data leaks are bad for business. They suggest a rudderless ship. Working with a company after a serious data breach is like hiring a removal van from a company that's just been done for joyriding.

 


 

Picture of a van being driven fast and carelessly.

 

So much for your reputation. There's also the financial penalties that come with GDPR and other regulatory frameworks. These aren't anything to be sniffed at.

 


Cyber security is so much more than just curbing shadow IT – but those unauthorised tools and resources need taming. Otherwise, you're building yourself a coffin and climbing inside to see how it fits.

 


The bottom line is that shadow resources haven't been vetted by IT. There's no way of knowing if they meet your company's security standards – heck, there's often no way of knowing that they're even there .

 


And in either case, there's no way for management to hold shadow users accountable. It's a digital Wild West that's growing right under your nose – a spreading but odourless haze.

 


The big risk is a data breach caused by a distended attack surface. But shadow IT can also create non-compliance with some software vendors and even inter-departmental friction

 


What can you do about it?

 


Perhaps the most useful thing that a company can do to curb shadow IT – and bolster cyber security in general – is to create a "cloud-first culture".

 


This means that employees are kept up to speed with the technological side of things. There's not much use in you muttering behind closed doors about the dangers of shadow IT if your staff have no idea that it's an issue.

 


Do you have a first port of call for all things cloud? Do you have webinars and knowledge-sharing sessions to promote cloud awareness? If the answer is "no", you might find yourself regretting it down the line.

Picture of an office presentation.

 

Related to this is the importance of opening up lines of communication between IT and employees. This is a two-way street. Employees need to know how to raise concerns and IT needs to respond to them in a timely fashion. The alternative is for disgruntled employees to go rogue and set up shop in the shadows.

 


Finally, you can deploy software to continuously monitor the network, ensuring visibility and control of all devices, tools, resources, applications and systems.

 


If you're using a VMware Cloud, CASB is the answer.

 


How can VMware's CASB help?

 


CASB (cloud access security broker) is a key part of VMware's Cloud Web Security and SASE portfolio. It offers complete visibility into all SaaS applications – and enables IT to have complete control over user access.

 


This puts you in the position to curb shadow IT without slowing down productivity. In fact, it shortens IT's to-do list and makes it easier than ever to enforce security policies.

 


CASB is kind of like a traffic cop. It checks all the traffic flowing between an enterprise and its cloud providers. Whether on-prem or in the cloud, the CASB has hawkish eyes and an even more hawkish grip on rogue traffic.

 


This could be the difference between a leak of confidential data and a watertight network.

 


How does it work?

 


VMware's CASB gives you full visibility into all the SaaS applications in your network – and allocates a "risk score" to each one. IT is then able to accurately monitor the risk levels and fine-tune access permissions and activity controls.

 

Picture of a nightclub bouncer.

 

Let's say that one app is low-risk. You can set it so that users can log in, upload and download files without putting security at risk.

 


But another app is high-risk. For this one, you can configure things so that users can upload files but not download them.

 


All in all, this visibility is good for everyone – senior management, employees and IT. It streamlines asset management, cybersecurity risk management, security log management and compliance.

 


Conclusion

 


Shadow IT isn't going anywhere. We live in an age of increasingly complicated networks, brimful of devices, apps and users. There will always be network activity that's difficult to detect and hard to curb.

 


However, you can take steps to bring it under control – whether that's a case of improving your employees' knowledge or deploying VMware's CASB.

 


Are you looking for a VMware consulting service ? At Ascend Cloud Solutions, we're VMware experts and have helped over 400 enterprises migrate to the cloud. Get in touch today for a no-obligation consultation.

 

These days, the majority of enterprises hold huge quantities of data. Find out how big clouds

Why big data depends on big clouds

by Simon Edward 26 February 2025
These days, the majority of enterprises hold huge quantities of data. Find out how big clouds can help.
What are cloud APIs and how can they help your business bloom? Find out in our jargon-free guide.

Cloud basics: APIs and their role in cloud computing

by Simon Edward 24 February 2025
What are cloud APIs and how can they help your business bloom? Find out in our jargon-free guide.
Cloud computing costs are set to rise in 2025. Are you paying too much? Join us as we explore

How much are businesses spending on the cloud in 2025?

by Simon Edward 22 February 2025
Cloud computing costs are set to rise in 2025. Are you paying too much? Join us as we explore the facts.
How can NSX Application Platform (NAPP) help you improve your security posture? Find out

VMware's NSX Application Platform: what does it do?

by Simon Edward 17 February 2025
How can NSX Application Platform (NAPP) help you improve your security posture? Find out in our guide.
Ireland's cloud industry is booming. Join us as we celebrate 6 of the innovators who made it happen.

6 cloud computing innovators from Ireland

by Simon Edward 14 February 2025
Ireland's cloud industry is booming. Join us as we celebrate 6 of the innovators who made it happen.
Cloud costs have a way of snowballing. Find out how to manage them in more complex environments.

How to manage costs when the cloud gets complex

by Simon Edward 11 February 2025
Cloud costs have a way of snowballing. Find out how to manage them in more complex environments.
Consumers and enterprises rely on the cloud for storage. But how does it work? Get to grips with the

Cloud basics: how does storage work in the cloud?

by Simon Edward 7 February 2025
Consumers and enterprises rely on the cloud for storage. But how does it work? Get to grips with the basics.
How can you manage the security and compliance of your cloud workloads? Find out how a CSPM can help

What is cloud security posture management?

by Simon Edward 4 February 2025
How can you manage the security and compliance of your cloud workloads? Find out how a CSPM can help.
What do Reddit users want to know about VMware NSX? Get the questions – and answers – in our article

VMware NSX: Reddit's questions answered

by Simon Edward 27 January 2025
What do Reddit users want to know about VMware NSX? Get the questions – and answers – in our article.

Why is Broadcom pushing private clouds?

by Simon Edward 24 January 2025
Recently, Broadcom has told enterprises that private clouds are the way to go. Find out why in our article. 
More posts