Identify shadow cloud in your organisation
Find out which public cloud services are being used in your organisation — and how many of them count as shadow cloud.
Why you need to find these services
By knowing which public cloud services the people in your organisation are using, your information and communications technology (ICT) team can set up demand profiles and prioritise network loads to match their demand and importance.
Search for services currently in use
Identify the public cloud services being used in your organisation — find out:
- who is using them
- which devices are being used with the services
- where in your organisation’s network the services are being used.
For these services, make a list — also called an audit.
Tips for making a list of services
For making a list or audit of public cloud services, good places to look are:
- firewall or router logs
- bespoke or automated tools
- online services
- cloud access security brokers.
How to identify services outside your network
As a one-off search, it’s unlikely you will discover all of the public cloud services in use. This is because the people in your organisation might be using public cloud services for business needs from personal devices that are outside your network.
Automate your search for services
If you set up ongoing reviews and monitor activity by using automated tools, you’ll be able to identify services that are normally accessed outside your network, but are occasionally accessed within it. You increase your chances of finding them by automating the search.
Automation is also an important aspect of actively managing shadow cloud.
Identify which services are shadow cloud
Divvy up the public cloud services into those that:
- follow your organisation’s risk assessment process
- do not follow your organisation’s process for assessing risks — shadow cloud.
Next step — categorise shadow cloud services
Organise shadow cloud services by using your organisation’s existing categories.