In an effort to control the risk of unsafe or unwanted applications, enterprises and their IT teams will often blacklist and whitelist programs to ensure only approved apps are used on the corporate network. Is simply blocking or allowing apps the answer? Recently, MobileIron released the top 10 most blocked or blacklisted applications based on a survey of over 6,000 organizations. Here is the list:
- Angry Birds
- Microsoft OneDrive
- Google Drive
Seven of these apps were also listed in a recent Netskope report that indicated the top 20 most used cloud applications.
This data is compelling, but it does not tell us how and why people are using these apps. One of the most popular apps, Twitter, is commonly blocked at enterprises so that employees are not tempted to use it for social purposes while on the clock. However, I use Twitter for business purposes only, so if this application was blocked I couldn’t be as effective in my role.
Also, five of the applications are file storage apps. Is it possible that employees aren’t getting the file storage resources they need from internal IT? What types of restrictions are there on sending files through corporate email? A huge benefit of cloud services is the ability to access information from anywhere (huge plus for work productivity). These apps also allow us to share files without putting the burden on email. If IT has put a restriction on how much you can store and how much you can send, employees will turn to cloud applications to accomplish their work tasks. Once those apps are blocked, what’s left?
While the enterprise has legitimate concerns about data leakage, blocking apps isn’t the smartest way to ensure that data remains safe (I have no argument for angry birds, sorry). Employees will find another application that hasn’t been blocked yet or the really tech savvy employees will find ways to use even those apps that IT has blacklisted.
I look at the top ten list and see a great opportunity to negotiate an enterprise license agreement with a cloud storage provider that has been vetted by IT. Rather than taking the heavy handed approach of blocking apps first and asking questions later, IT can instead use this data to learn what their employees need to be productive and then provide safer, more cost effective alternatives. This is a win-win scenario: employees get what they need and IT is able to protect corporate data.
There are plenty of enterprise-class applications that are designed to provide employees with the same benefits as those designed for consumers–with the added layers of security and control that are necessary for the enterprise. There are also smart ways for IT to enable cloud apps while minimizing risk. Netskope listed the following Three Quick Wins For Enterprise IT
- Discover and secure sensitive content both at rest in and en route to your cloud apps. Focus on most common DLP violations that carry penalties and can result in negative press, including PHI, PII, and PCI.
- In defining cloud app policies, consider not just popular Cloud Storage, Social, and Webmail apps, but also focus on business-critical apps like HR, Finance/Accounting, and Business Intelligence.
- Go beyond coarse-grained “allow” or “block” decisions on cloud apps, and enforce contextual policies on risky activities such as “download” (e.g., to mobile), “share” (e.g., outside of the company), or “delete” (e.g., if you’re not in the enterprise directory group “HR Directors”).
Another quick win for IT is to consolidate redundant applications and negotiate enterprise license agreements wherever possible. This will allow IT to save the business money.
Letting employees go rogue isn’t the answer, but there are different ways for IT to maintain control that will both minimize security risks and maximize cost-saving opportunities for the business.
There are various tools available to help discover which resources employees are relying on to do their jobs. Armed with this information, IT can efficiently define effective app usage policies and implement enterprise-class applications that are best suited for an organization.
If you’re interested in learning more about how you can take control of your cloud apps, visit our Matrix IT – Cloud services page.