by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : February 2015
[BrieFing] Nearly three-quarters of IT secu- rity professionals are unaware of the amount of “shadow IT” within their organizations, according to a recent survey by the Cloud Security Alliance. Shadow IT, according to CSA, is technology spending and implementa- tion that occurs outside the IT depart- ment, including cloud apps adopted by individual employees, teams and business units. “Employees are more empowered than ever before to find and use cloud applications, often with limited or no involvement from the IT department,” according to the survey report, which interviewed 212 partici- pants around the world in professional IT security roles. Some organizations block certain cloud services altogether, such as those from Dropbox, Facebook, Apple iCloud, Tumblr, but that can be even riskier if employees seek out alterna- tives that have less mature security controls, CSA said. Shadow IT is not a new problem, nor solely a cloud-based one. For years, removable drives have made it easy to move files from one office to another, but it used to take some ingenuity to get outside the perimeter. When the world went wireless, there was an exponential jump in the ability to think and work outside the box. But the recent rise of shadow IT might have to do in part with pressure on IT departments to devote more of their time to defending their networks against escalating threats and incur- sions. According to CSA, more software vulnerabilities were uncovered in 2014 than any other year on record. And the security of data in the cloud has risen beyond the domain of IT departments and is now a “board-level concern” of 61 percent of the companies surveyed. IT professionals cited malware as the top security threat facing their organi- zations (63 percent), advanced persis- tent threats (53 percent), compromised accounts (43 percent) and insider threats (42 percent). In fact, cloud security projects were the leading IT project in 2014, accord- ing to CSA. Globally, three-quarters of organizations said cloud security projects were very important, moving past intrusion detection and firewalls in the level of seriousness. The report said that organizations’ top concern about shadow IT is the security of corporate data in the cloud, followed by potential compliance viola- tions (25 percent) and the creation of redundant or unplanned services creat- ing inefficiency (8 percent). Perhaps most alarming, only 8 per- cent of organizations know the extent of shadow IT at their shops, and 72 percent, “did not know the scope of shadow IT but wanted to know.” That number is higher (80 percent) for orga- nizations with more than 5,000 employ- ees, CSA said. Despite efforts to manage shadow IT, IT departments at 79 percent of firms get requests from their end users each month to buy more cloud applications, according to the CSA survey. The 2014 Cloud Adoption Practices and Priorities Survey was designed to gauge how IT organizations handled security for cloud services, includ- ing how they manage “employee-led” cloud adoption. • Focus on security may cloud awareness of ‘shadow IT’ 10 GCN FEBRUARY 2015 • GCN.COM vices or a Service Oriented Architecture is a good candidate for containeriza- tion,” said Mark Ryland, chief solutions architect at Amazon Web Services Worldwide Public Sector. “Docker is a standard that has taken off like wildfire. All the major cloud vendors – Google, Microsoft and us – support the Docker container format. The government is going to like it because it is a de facto standard.” Docker rivals include CoreOS, Ca- nonical, Spoonium and Flockport. The main challenges facing contain- erization is that the technology is brand new and relatively untested. A good sign that Docker is ready for govern- ment apps will be when it is supported in enterprise-class IT management systems like VMWare’s V Center, Ad- ams said. “Right now, you can’t spin up the containers or run virtual containers or create high-availability clusters – all the stuff that you want to do to create a virtual computing world,” Adams said. “There is no central management console to do it.” In government circles today, Docker is only being used for development and testing applications, but Adams said she has seen government RFPs for development and test environments that request Docker support. “This is a technology that people are going to want to follow,” Adams said. • FROM THE READERS It is not shadow I T, it is clearly what-users-want- at-work IT. continued from page 7 0215gcn_005-016.indd 10 2/3/15 9:31 AM