Diversus Group discusses the importance of knowing what public cloud resources your staff are using – not what you think you have sanctioned.
Cloud is fast becoming the dominant computing model; the cloud is everywhere. What about your security?
In an ever–connected, always-on world, legal practices share sensitive information with their clients, colleagues, and increasingly third-party providers. Much of this information now resides outside of a legal firm’s traditional IT infrastructure. Many cloud services specifically focused on the legal profession run and/or store your sensitive data on the public cloud.
What apps are your staff using – The rise of shadow IT
When asked what third party applications are in use within their law firm, over 80% of respondents substantially underestimate the number of applications and file sharing services being utilised by their staff. Interestingly, the number of ‘unsanctioned’ apps in use has increased in the past 12 months as lawyers and support staff have adjusted to the change in working practices bought on by COVID-19.
This use of cloud-based apps introduced or deployed by staff is often referred to as ‘shadow IT’. These systems or apps as usually deployed by staff frustrated with the shortcomings of systems endorsed and provided by the firm’s IT team. They often unwittingly increase cyber risk as the organisational requirements for consistency, security, reliability and governability are sacrificed as employees feel a need to work around ‘endorsed’ systems to work efficiently. A study revealed 63% send documents to their home e-mail address to continue work from home, even when they are aware that this is probably not allowed.
How secure is our cloud?
As organisations connect with each other and embrace the public cloud, the risk of an inadvertent data leak or a more malicious cyber attack increase. It is therefore vitally important that you have deep and contextual insight into all your cloud platforms and how they are related.
Once you know what you have, where you have it and how secure it is, you can enforce governance policies that keep your cloud compliant with your own internal policies and standards as well as those external to your firm.
Get a second opinion on your security posture now:
It may be a good idea to obtain an impartial, second opinion on your cloud security posture. Under a Mutual Non-Disclosure Agreement, we can analyse what is occurring on your network, including the identification of risky configurations, sensitive data, network threats, suspicious behaviour, malware, data leakage, and vulnerabilities. We will provide you with a report containing our observations and any recommendations.
This first step is provided at no cost and you are under no obligation to do anything further.
Find out where you’re most at risk now and take action immediately. Schedule your free Security Lifecycle Review from Diversus Group and Palo Alto Networks. Give us a call on 02 6111 2900 or submit your details here.