On 14 June 2017, Browsium hosted a webinar: “Learn how to detect and take command of shadow IT in your organization”. We had a large group participating in the live webinar, generating a number of great questions about the unique solution Browsium provides for cloud service detection and reporting in the enterprise. We have compiled the complete set with answers to share with all attendees and those seeing the webinar for the first time here in this post. If you missed the live event, you can watch the video archive on YouTube today (or use the embedded video player above).
Read on to see the questions (and our responses) from the webinar.
You made it sound like SaaS is a bad thing, but we’ve embraced the SaaS model and encourage business units to find solutions that meet their needs. We see that as a way to enable and empower the business. If SaaS can deliver what our users want and need, why should we need to control that?
A: Great question. The issue for us isn’t really about control – but we often hear IT folks talk about Shadow IT and SaaS as ‘the enemy’ so that notion isn’t foreign. For us the issue is about insights. For organizations that want to embrace SaaS, we can help them deal with the variety of threads and breadth of deployments. We’ve seen organizations that adopted the same SaaS application across multiple business units, but each was purchasing without the volume benefits of the others. We can help get more out of SaaS in those areas. On the other side of the issue will be IT groups that want to insert more control for a variety of reasons tied to their business, and we can help them achieve their goals too.
Who is the typical consumer of these tools, IT? Security? Procurement?
A: The simple answer is all of the above. As with most IT operations management tools, there are multiple consumers of this key telemetry data. Sometimes we interact with IT first as they are looking to fill in the dark corners of their IT operations toolkit. Procurement (or compliance) can leverage our tools to help ensure they are getting the best value – and not overspending or out of compliance in other ways. Other times it’s the security teams that come to us and want insights beyond the browser ‘exe’ and the ability to see into where users are going, what those applications are doing and what kinds of threats are out there (and currently invisible to them). Two recent examples would be WannaCry and the Google Docs threats. Security can use our tools to see if anyone went to those links or those resources were loaded, and then understand the impacts.
Does Proton provide service or license usage data for all cloud applications, like it does for Office or GoToMeeting?
A: Proton provides reporting on user accounts used on various web applications, logically separated into two groups: Known, highly popular cloud-based web applications for which Proton has special client-side detection code delivered (and kept up-to-date) by the Browsium Cloud Service, and other web applications for which Proton detected a user login and that application was opted in for User Account data collection in the Web Application Details view.
Does this require some kind of integration to add other applications for usage data of different services?
A: The client-side detection code, delivered by the Browsium Cloud Service, provides the most comprehensive usage data. This code is delivered automatically as Browsium adds additional SaaS applications to the solution. In addition, client-side code is required to detect native Win32 cloud client software, such as the Dropbox or OneDrive clients running on Windows. Beyond these needs, you can opt any web application into Proton’s generic user account data collection and you should see good results. If you don’t, report the web application to Browsium support so we can enhance Proton’s generic data collection or create specific client-side detection code for that application.
We block Dropbox and other cloud sync applications, isn’t that sufficient to ensure security and data controls?
A: From my view, no. First of all, there are ways to access Dropbox and other cloud sync sites without going directly to their URL. And then there is the issue of needing to play ‘whack-a-mole’ and having to know about all the sync services to stay a step ahead. I’m always reading about the latest player coming (or going) from the cloud sync space, so that area is a moving target. But also think about Google Drive or OneDrive. Many of our customers subscribe to Google Apps or Office 365. Both of those services include cloud sync components, so while you might block Dropbox, data can flow through ‘approved’ environments very easily…and users could intentionally or unintentionally use their personal accounts to sync.