IBM fights shadow IT with Cloud Security Enforcer

“Bring your own” strategies – device, apps – combined with security issues in the cloud are a source of concern and a headache for IT managers. To help companies see more clearly, IBM has just announced with Cloud Security Enforcer a way to strengthen the ability of CIOs to better manage the use of unsupervised applications in the company. The offer allows companies to provide their employees with a secure mode of access to the apps they use without authorization. It relies in particular on IBM’s identity management technologies.

Research conducted for IBM Security shows that one-third of respondents at Fortune 1000 companies share and back up business data in the cloud using external apps. These risky practices are growing more and more, as is the use of personal email for professional tasks, the use of weak passwords, or the reuse of corporate identifiers. External mobile apps also present a risk since nearly 40% of those currently being developed are not properly secured before arriving on the market, according to the study.

A partnership with Box

Hosted in the IBM cloud, the Cloud Security Enforcer offer makes it possible to scan a corporate network, find the apps that employees use and strengthen access security. This solution is based in particular on the partnership forged with Box and on connectors to the online sharing platform. Other connectors link with tools traditionally used in the professional context: Microsoft Office 365, Google Apps, Salesforce.com, etc.

Cloud Security Enforcer also includes features to verify the integrity and security of apps used by employees. This verification is based on the threat analysis capabilities of IBM’s X-Force network, which monitors malicious activity on the Internet by analyzing more than 20 million security events worldwide per day. Cloud Security Enforcer also helps determine which company data employees should not share through external apps.