Steve Redman, Vice President, Asia Pacific, Palo Alto Networks
According to a recent CipherCloud study in February 2015, 86 percent of cloud applications that employees admit to using are not sanctioned by IT.
This phenomenon, termed as "Shadow IT" can conjure up visions of overwhelmed CIOs frantically trying to keep information repositories secure from online attacks, while their own employees compromise security by brazenly using personal devices and consumer cloud services without IT's permission or even IT's knowledge.
In this interview, Steve Redman, Vice President, Asia Pacific, Palo Alto Networks, explains what Shadow IT is truly all about - its relevance to Bring Your Own Device, as well as the security risks and benefits it poses to a company. Besides these, Redman also provides some recommendations for CIOs to manage Shadow IT, including how it affects their role.
For starters, can you describe the state of security in the Asia Pacific (APAC) region, focusing more on enterprise security trends for the year ahead?
In 2014, a spate of sophisticated attacks targeting enterprises across the region, including M1, SingPass, Malaysia Airlines and Sony resulted in more businesses taking action to protect their assets.
Cybersecurity is now a boardroom issue, and governments across the region are introducing new legislation, as well as setting up new cybersecurity centres to strengthen cyber defences. Earlier in January, the third annual Cyber Security for Government Asia Conference in Kuala Lumpur, Malaysia, emphasised the importance of public-private partnerships and more collaborations for information sharing between countries.
In February this year, Palo Alto Networks, Fortinet, McAfee and Symantec came together to launch The Cyber Threat Alliance, with the mission to share global threat intelligence. We expect that hackers will use more legitimate and convoluted means to launch widespread attacks across the region. For example, malvertising (using online ads to spread malware) is likely to remain a key threat in 2015. This attack method is well-established, and Yahoo! and AOL were both targets in September and October last year, earning attackers thousands of dollars per day for minimal effort. This makes security the enabler for business of today.
A growing hazard has emerged in the security space that is threatening organisations from inside of their own physical and virtual walls. This phenomenon, called 'Shadow IT', is the concept of employees using all manner of technologies for work regardless of IT's approval. Are there any other elements to this concept, or do you have a personal definition of 'Shadow IT' that you wish to share?
More and more employees think it's just easier to find a solution on their own than to engage IT for their approval. Usually, these employees see themselves as innovators trying to get the job done rather than skirting around the organisation's policies.
Sign up for CIO Asia eNewsletters.