Shadow IT, or the unsanctioned use of software and virtual machines, not only wreaks havoc on a company's budget, but also creates serious security holes.
"There are people that go off the reservation all the time," said Justin Franks, lead cloud engineer, Lithium Technologies. Shadow IT forces "traditional IT to turn from a choke point -- or centralized management or security stance -- to a watchdog stance," he added. But rogue IT installations aren't necessarily malicious in nature. Often, corporate IT doesn't provision something fast enough, so developers fire up VMs outside of sanctioned cloud providers, creating back doors for accessing internal systems.
While finding those unsanctioned VMs isn't easy, it is getting easier. The first line of defense is to create policies against spinning up unsanctioned cloud services. The next step is to prepare for users to break those policies.
To gain visibility, IT teams use third-party tools such as ThousandEyes, Sumo Logic, Datadog and CloudPassage to monitor applications and analyze outbound firewall logs, or build their own agents to give them "eyes and ears everywhere," Franks said.
But these tools aren't in place to block developers from what they're doing, said Jim Reavis, co-founder of the Cloud Security Alliance. "These are people who are innovating," he added. "It's a matter of understanding what they're trying to do and helping them do it in a more secure way."
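The outbound firewall log analysis mentioned above can be sketched as follows. This is an added example, not code from the article or from any of the tools it names. The key=value log format, the address ranges, the provider names and the function names are all assumptions made for illustration. It reports flows for follow-up and blocks nothing.

```python
import ipaddress
from collections import defaultdict

# Assumed inputs, all constructed from documentation address space (RFC 5737).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
SANCTIONED = [ipaddress.ip_network("192.0.2.0/24")]  # approved provider range
CLOUD_RANGES = {  # stand-in for the providers' published range feeds
    "provider-a": ["192.0.2.0/24", "198.51.100.0/24"],
    "provider-b": ["203.0.113.0/24"],
}
# Constructed sample log in a hypothetical key=value format.
SAMPLE_LOG = """\
ts=2024-05-01T09:00:01Z action=allow src=10.1.4.20 dst=192.0.2.15 dport=443 bytes=5120
ts=2024-05-01T09:00:07Z action=allow src=10.1.4.33 dst=198.51.100.77 dport=22 bytes=90211
ts=2024-05-01T09:01:12Z action=allow src=10.1.4.33 dst=198.51.100.77 dport=22 bytes=1044
ts=2024-05-01T09:02:40Z action=deny src=10.1.7.9 dst=203.0.113.5 dport=3389 bytes=0
ts=2024-05-01T09:03:00Z action=allow src=10.1.7.9 dst=203.0.113.5 dport=443 bytes=800
malformed line without fields
ts=2024-05-01T09:04:00Z action=allow src=10.1.9.2 dst=198.18.0.5 dport=443 bytes=300
"""

def parse(line):
    # Returns (action, src, dst, dport, bytes), or None for a malformed line.
    fields = dict(p.split("=", 1) for p in line.split() if "=" in p)
    try:
        return (fields["action"], ipaddress.ip_address(fields["src"]),
                ipaddress.ip_address(fields["dst"]), int(fields["dport"]), int(fields["bytes"]))
    except (KeyError, ValueError):
        return None

def provider_of(dst):
    for name, cidrs in CLOUD_RANGES.items():
        if any(dst in ipaddress.ip_network(c) for c in cidrs):
            return name
    return None

def find_unsanctioned(log_text):
    """Summarise allowed internal-to-cloud flows outside the sanctioned ranges."""
    findings = defaultdict(lambda: {"flows": 0, "bytes": 0, "ports": set()})
    for rec in filter(None, map(parse, log_text.splitlines())):
        action, src, dst, dport, nbytes = rec
        provider = provider_of(dst)
        if (action != "allow" or src not in INTERNAL or provider is None
                or any(dst in net for net in SANCTIONED)):
            continue
        entry = findings[(str(src), str(dst), provider)]
        entry["flows"] += 1
        entry["bytes"] += nbytes
        entry["ports"].add(dport)
    return dict(findings)
```

Grouping by source host, destination and provider gives the IT team a short list of internal hosts to talk to, which matches the watchdog role described above.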