Johannesburg, 03 Oct 2019
As enterprises embrace digital transformation, the adoption of software as a service (SaaS) is robust, with nearly 1 295 apps and cloud services on average being used in a given organisation. While IT-managed apps like Office 365, Box and Salesforce are important, they only make up about 2% to 5% of the cloud services and apps being adopted by the enterprise. Rather, cloud services and apps adopted by lines of business and independent users are fuelling a majority of the growth in the cloud.
While unmanaged apps may be important for business productivity, they bring risks in the form of new avenues for malware and advanced threats and exposure of data by accident or intent. Since IT lacks access to these apps and does not desire administration rights, they lose visibility and control and are forced to deal with the situation using legacy security tactics like blocking at the perimeter or the endpoint. This not only presents technical challenges, but also business challenges, given how the adoption of these unmanaged apps help the business.
With managed apps controlled by IT making up the smallest portion of enterprise app use, the elephant in the room for security teams is the thousands of unmanaged apps that lack cloud vendor API access, and thus require inline knowledge of app communications to understand the data-in-motion, activity, and app instance. Because legacy Web security products don’t understand activity and content within unmanaged apps to apply granular policy controls, the traditional world of a ‘red zone’ for bad applications and a ‘green zone’ for good applications has morphed into a ‘grey zone’.