Forcepoint and Fujitsu shine a light on Shadow IT

In recent months, businesses have been forced to rapidly adapt to remote work environments for their entire workforce. Enterprises must now administrate secure data access across a huge range of devices, some of which are shared, and all of which connect using device-busy home internet setups. Security leaders who had already been struggling with the challenges of fluid network boundaries now have to manage a new perimeter: their people. The challenges of protecting critical data and maintaining secure employee behaviours are now significantly increased.

“It is human nature to seek workarounds, if IT protocols appear to compromise employee productivity or if solutions are not readily available to workers,” said David Barnett, Director of Edge Protection at Forcepoint. “People today are simply trying to get their jobs done in unusual circumstances, but this is resulting in unprecedented levels of shadow IT, for example a reported 45% increase in usage of communications apps in early 2020 alone.”

Forcepoint and Fujitsu have partnered to help organisations navigate this increasingly complex cybersecurity environment. On October 7 at 3p.m.BST, the companies will host the webinar, “Illuminating Shadow IT to Accelerate Growth” to share insights on the challenges and opportunities for enterprises when addressing data protection and shadow IT.

David Barnett said: “The balance of security and productivity is difficult for businesses, as they navigate keeping critical data safe while enabling employees to innovate and use the tools that work best for them. In today’s cloud-based world, IT teams need to develop new methods and tools to manage these risks without limiting employee experience. Forcepoint today delivers the industry’s most comprehensive suite of converged capabilities to address enterprises’ critical work-from-home security challenges across network security, threat protection, secure access and data protection.”

Andy Baines, Chief Security Architect at Fujitsu added: “At Fujitsu we recognise the challenges that businesses face when implementing necessary changes to enable remote working at scale. IT and security leaders now realise that these changes are here for the long term. As such, organisations must take steps to support their people, maintain visibility and control over their data, and ensure that data protection regulations are adhered to.”

Shadow IT is not simply a question of control, as IT teams lose visibility over who can access sensitive data within an organization. Regulatory compliance including GDPR can also be impacted. And, employee use of systems, devices, software and applications without IT department approval creates cybersecurity gaps which cybercriminals capitalize on as entryways onto corporate networks. With up to 40%[i] of total IT spend on shadow IT, and at the end of a first phase of rapid change, the time is now for businesses to address the temporary fixes that were put in place to support sustainable growth.

Fujitsu offers a range of cloud security solutions from Forcepoint, enabling customers to transform their network and security architectures, simplify connectivity and unify security policy enforcement throughout their distributed application and network environments. Fujitsu’s CASB (Cloud Access Security Broker) Managed Security Service will provide customers round-the-clock support to enhance their cloud security defenses through improved visibility, continuous monitoring and proactive control of activities that would otherwise expose sensitive data within cloud environments.

The Fujitsu CASB Managed Security Service, powered by Forcepoint, allows organisations to:

• Uncover and rate cloud apps: Provide accurate visibility of the cloud apps in use within the organization. Once identified, these apps are then rated according to their security risk.
• Identify over exposed data and risky users: Identification of cloud data which is at the highest risk of leakage outside the organization either inadvertently or due to malicious use. Identification of risky user behaviour such as file oversharing and account takeovers.
• Classify and protect data: Identification of compliance related data (PII, PCI etc.) that is being stored and shared in the cloud and whether is data is being over exposed. Apply appropriate controls to data based upon its classification and levels of risk exposure. Identification and control of data in motion and at rest.
• Ensure compliance and data privacy: Continuous monitoring of how cloud data is being accessed and shared by organisations to make sure compliancy requirements are being met.
• Crowdsource digital transformation: To enable infosec teams to turn visibility of unauthorized cloud use into risk managed tolerated use or even adoption. Learning from users and providing data and behavioural controls that do not get in the way of the user experience.
• Remediate incidents: In the event that cloud accounts are compromised, files are infected with malware, or data is lost or stolen from cloud accounts, organisations need a service to support post-event investigation to remediate the issue and to provide an audit trail.