Solution Providers Get Stealthy On Shadow IT

Solution providers said they are having some success engaging clients with tools designed to probe the network and uncover the mix of cloud services being used that are against company policy, but they added that the cloud security market is primed for consolidation.

Centrify, CipherCloud, Skyhigh Networks, Netskope, Perspecsys and other cloud security vendors first engage IT teams with the ability to uncover Shadow IT, the mix of cloud services that are used without an organization's approval. The solution providers using the tools include large systems integrators, regional service providers and consultants that specialize in identity management, data security and cloud infrastructure assessments.

The technology can be used to do a quick proof of concept and engage customers who think they only have a dozen SaaS applications in their environment and then ultimately find out they have hundreds in use, said Andy Welsh, director of partner alliances at Denver-based Accuvant, which partners with Skyhigh Networks, Netskope and several other cloud security vendors. The discovery gives customers SaaS visibility and control. Depending on an organization's risk tolerance, the cloud services pose a significant data leakage or data breach risk, he said.

[Related: Discovering The SaaS Footprint]

"We've had a lot of field activity and engagement and really look at them as a potential emerging partner for us," Welsh said of Skyhigh Networks. "It's a popular area of discussion with our customers as they try to gain control over SaaS applications in use across their business units."

Once Shadow IT is uncovered, the vendors can assign a risk score and solution providers can then guide organizations through shutting down the most dangerous cloud applications or work with business units to reduce overlapping contracts. For example, solution providers said they have uncovered business units that have multiple contracts from a single provider, such as Salesforce.com.

Deals can grow to a significant size, reaching more than $1 million, according to Welsh. The process starts with discovery of Shadow IT and then moves into data governance. Encryption or tokenization is a component of data governance and also could include deployment of data loss prevention or simply auditing and real-time monitoring. The space has emerging vendors specializing in a variety of areas, from purely discovery to data loss prevention and activity monitoring, according to Welsh. The technology may appeal to larger technology vendors that want to add on cloud security capabilities, he said.

Combining contractual arrangements can sometimes significantly reduce costs, said Ashraf Motiwala, CTO and co-founder of Identropy, a New York-based identity and access management consultancy that partners with Netskope and Skyhigh Networks. In a recent interview with CRN, Motiwala said the platforms have been successful but he expects a market shake-up, with some leading vendors getting acquired and others building out their platform with additional capabilities.

"The use cases are extremely hot and companies are actively looking at the technology," Motiwala said. "We push into a new world of cloud identity management and that makes that technology very relevant."

Skyhigh Networks is partnering with encryption vendor SafeNet to provide encryption that supports Salesforce, ServiceNow,and Microsoft Office 365 deployments, allowing customers to manage their own keys. Holding the encryption keys is an area important to some businesses that don't want the government to easily probe data by obtaining access from the cloud service providers.

Skyhigh Networks' direct sales team is incented to work with partners globally, and the company set up deal registration to reduce friction between direct sales and partners, said Chris Cesio, vice president of business development and alliances at Skyhigh Networks, Cupertino, Calif. The percentage of channel sales is "significant," Cesio said, adding that the channel has become a major part of the company's strategy.

"Not only are we on-boarding channel partners, but we also have a team supporting them from the sales and technical side," Cesio said. "Our strategy is to invest heavily in the partners and that will be evolving as the market evolves and customers dictate their buying pattern -- and right now they dictate independent consultants deliver the most value."

Skyhigh Networks and other cloud security vendors are seeking partners that have a deep understanding of SaaS deployments and can engage them with professional services. Service providers with strong security practices and consultancies fit well because they can provide a deeper level of engagement with customers on security issues and work on multiple pain points, Cesio said.

"The one request we have with partners is that they have a clear understanding with cloud in general, and they have the technical people on staff to deliver security around cloud applications."

PUBLISHED OCT. 28, 2014