The countdown to GDPR is on. The legislation marks a crackdown in terms of where data is stored in the cloud, with stricter fines for businesses in breach of those regulations.
However, a recent report by security firm Blue Coat found that 98% of cloud-based applications do not comply with the impending GDPR legislation. It’s a combination of human error and lack of visibility or control over applications, and shadow IT or shadow data that is the largest risk factor for security breaches and non-compliance.
For businesses without video or web conferencing solutions, they run the risk that a member of staff will download consumer-grade or unlicensed software without the authorisation of the IT department, potentially exposing that organisation to data loss and theft. There’s also the fact that IT managers have little visibility in the types of data being shared via these applications including web and video conferencing, which could also potentially put the business in jeopardy of non-compliance.
The impetus for shadow IT occurring is down to the way our mobile device-driven, globalised society operates. As workers conduct business on their personal devices more and more, the way employees work has altered as a result, with more emphasis placed on productivity now than ever before. The same goes for pressure on the IT departments to driving operational agility, while maintaining secure and cost-efficient systems and software.
The role of the network manager
Collaboration between the IT department and the workforce has never been more crucial, especially with businesses facing fines of 4% of their annual revenue from the previous financial year, in the instance of negligence. Open lines of communication between staff, their customers and IT can help mitigate rogue application or software downloads. Knowledge of which application or technology is needed can help IT properly manage its use and enforce the necessary security measures.
For instance, as enterprise-level workforces continue spread across different geographies, its staffers will continue to look for ways to collaborate more seamlessly. Video conferencing plugs this gap in a huge way. Universal interoperability can also work to combat shadow IT. Video conferencing in meeting rooms and audio can be protected through encryption protocols, randomised meeting IDs and passwords, and locked meeting features. Any conferences stored in the cloud are encrypted as well, and their owners can restrict who has access to them.
While it’s important for the applications themselves to be secure, the cloud architecture they run through must be as well. Security services including network firewalls, proxy servers, load balancers all work together to terminate any third-party traffic in order to protect against a suite of application attack vectors. Vulnerability scans are run periodically and software patches implemented when needed.
James Campanini, GM International, BlueJeans