In Learning Tree’s Cloud Security Essentials course we discuss the prevalence of “Shadow IT”, or the unauthorized and unrecorded purchase of cloud services. Now a recent survey by Netskope has found that the average IT staff underestimates cloud app use to the extent that they only know about 10% of what is being purchased and used by members of their organization.
Face it, shadow IT is happening. You can ignore it, or you can pre-empt at least some of it by providing the IT services, cloud or traditional, for which your users are clamoring.
I just received another reminder of why this matters so much.
I made a number of purchases at Amazon.com during November. But first, I had to update my payment details because my bank had issued a new credit card. It was the same card, more or less; the only change was the expiration date. But I had to update that before making a purchase.
Now, in some sense your personal AWS and Amazon purchasing accounts are two aspects of the same account. But…
The first week of February I received a short email from Amazon. They had tried and failed to process a charge to my credit card. Given the low cost of Glacier, I owed less than a dollar. But a charge is a charge, and they said that if I didn’t pay by the end of the month my AWS account could be suspended or terminated and the stored data deleted.
No big deal — just sign in to AWS, go to My Account details, and update my credit card information.
But imagine if this had been data stored by someone at your organization, someone who no longer used the same email account that they had used when setting up their AWS account a couple of years ago. Even if they did notice the message, it’s not as if Amazon knows or cares what the data is. To them it’s just so many gigabytes or terabytes for which you owe so much, and you must pay by the end of the month or it evaporates.
This is one of those frustrating topics — I wish I could give you a nice fix, but there really isn’t one. This is just a matter of being vigilant about a cloud hazard.