nobeastsofierce - Fotolia

Cisco targets shadow IT with online cloud security broker

Cisco has launched a cloud security broker that finds, monitors and analyzes employee use of online services.

Cisco has introduced cloud-based software for detecting and monitoring the public cloud services employees of an enterprise use without the knowledge of the IT department.

Cisco launched Cloud Consumption as a Service this week. Among the benefits touted by Cisco is the ability to enforce corporate policies governing the use of cloud services, such as online document storage or collaboration applications.

The online cloud security broker finds and monitors online services employees have tapped to do their jobs. In marketing the new product, Cisco claims the average large corporation uses 1,220 separate public cloud services, which is roughly 25 times more than estimated by most IT departments.

Marketing hype aside, the use of unsanctioned, or "shadow," cloud services can pose a risk to organizations -- particularly if employees are storing sensitive documents in violation of government regulations or a company's internal data protection policies, experts said.

However, rather than ban all but a few public cloud services, companies should adopt more practical policies and guidelines for end-user-acquired services, according to Gartner.

"It is critical that the senior executive group agree that engagement and guidance, versus suppression, are a more sustainable and viable way forward," Gartner analyst Simon Mingay said in a report. "Engaging successfully means being prepared to trade off what may appear to be some level of control to gain better transparency. The transparency can then be used to help guide and nudge the activity toward a higher value outcome."

Monitoring network traffic

Cisco has aimed its discovery and tracking service at midsize and large organizations. The cloud security broker collects information from network traffic traveling through Internet gateways, firewalls and Web security gateways.

Customers get access to collected data through a customized dashboard, which lists the approved and unapproved public cloud services employees are using. Also, the dashboard provides analytics and reports on the services consumed, profiles on the vendors providing the services and industry benchmarks on those services.

The metrics Cisco provides let organizations determine the usefulness of services and whether to incorporate the most beneficial in a particular line of business, said Melanie Posey, an analyst at IDC.

"The whole idea is to have a centralized view of all the cloud that's going on in an organization," Posey said. "There can be some improvements [to operations] that come from that."

Companies using the Cisco service include CityMD, an urgent care organization with 50 facilities in New York and New Jersey. Initially, CityMD discovered employees were using 522 public services, while the company's IT staff supported just 15 to 20, according to Cisco.

Cisco channel partners sell Cloud Consumption as a Service, which costs $1 to $2 per employee, per month, depending on the size of the business. Organizations can try the service for 30 days for free.

Cisco is one of many vendors that provide technology for securing the use of public cloud services. Such vendors are called cloud access security brokers, which act as gatekeepers between organizations' on-premises infrastructure and cloud service providers.

Other vendors providing cloud access security include Skyhigh Networks and Netskope.

Next Steps

Evaluating cloud access security brokers

Obstacles to consider before choosing a cloud access security broker

Efforts to develop a standard framework for cloud access security brokers

Dig Deeper on Network management and monitoring

Unified Communications
Mobile Computing
Data Center