Mobile + Cloud = Shadow IT


When Megatrends Collide

Chapter 1


IT organizations are defined and judged by how well they navigate transformational technology trends like cloud and mobile. But today, there's an added twist—because these two major trends are also beginning to intersect and overlap in unexpected ways.

This convergence of cloud and mobile means people simply expect access to all of their apps and information from whatever device happens to be closest and most convenient. And if IT tries to limit or control that access, even if it's for very good security or compliance reasons, the cloud offers them plenty of easy DIY workarounds—like accessing sensitive work files when they're logged in at the office, copying them to a personal Dropbox account, and then accessing them through their Dropbox app when they're on the go.

End users view this exploding number and variety of mobile apps and services as new tools they can use to collaborate and get things done. But for IT departments and security executives, this situation presents serious challenges. Storing sensitive company information on consumer cloud apps is almost never secure. These DIY mobile apps circumvent all of your access and security policies. And when users rely on random collections of unsanctioned apps and cloud services, things like tracking, auditing, and compliance become virtually impossible.

This creates a whole new dynamic—where mobility fuels the need for instant, unfettered access from any device, thousands of cloud apps provide easy but unsecured "Shadow IT" alternatives for users, and IT organizations get stuck with the consequences.

Converging Trends. Colliding Perspectives.

End User

I need all these apps to do my job, so please stay out of my way.

IT Departments

Wait! You’re putting important, sensitive company information at risk.


We need the productivity and the protection. Figure it out.

Chapter 2


Making the convergence of cloud and mobile work for your business

If Shadow IT exists in the space where mobile and cloud come together, how can you transform it from a risky problem into a safe, productivity-enhancing opportunity? As with most things, the answer lies in the right attitude and a smart approach.

Making the convergence of cloud and mobile work for your organization means fundamentally rethinking the role of IT and redefining your relationship with users. Because in a mobile, social, and cloud-based environment, you no longer own or manage large pieces of the infrastructure, you don't control the apps, and with BYOD, you may not even own many of the endpoints.

Given this dynamic, how do you embrace the benefits of mobile and cloud without losing essential control or putting your organization at risk? The answer comes down to your ability to manage and control two key elements across all of your mobile devices and cloud apps: identity and data.

Because when you extend strong, effective identity protection to the cloud, you can give users secure access to all of the cloud apps they need to do their jobs, offer them a safer and more convenient authentication experience from all their devices, and pinpoint cloud-based attacks more quickly.

When you add cloud-friendly data protection capabilities to the mix, you can control what information gets moved to or stored in the cloud, track the flow and access of information across different environments, and quickly identify and quarantine information that's too sensitive to be stored or shared in the cloud.

And when you apply a layer of intelligence to this new identity protection and data protection foundation, you can start to monitor and correlate user behaviors, login issues, DLP incidents, and other critical information across cloud apps and services—to quickly identify risks and trigger automatic remediation.

This approach, which shifts the focus from devices and infrastructure to identities and information, recognizes and embraces the convergence of mobile and cloud—and allows you to offer the freedom and access your users demand without putting your organization at risk.

Chapter 3


Finding an approach that works for everyone in your organization

Embracing the convergence of cloud and mobile means finding solutions that meet everyone's requirements and expectations. By extending strong identity protection and data protection to the cloud—and then adding an intelligent layer of monitoring and correlation—you can deliver the control your IT department needs, the convenience your end users demand, and the compliance your business requires.

Extending identity protection and data protection to the cloud gives IT departments a single point for securing and controlling access to all of the apps people use—including the "rogue apps" that can put sensitive corporate information at risk. It also allows you to extend your existing security infrastructure to the cloud without ripping and replacing anything.

The right kind of identity protection and data protection provides the control businesses need, but it also offers end users a better, safer experience. This includes making it possible for the right people to gain access to the right apps and information from any device using a single password, PIN, or fingerprint. This gives the people in your organization the mobile flexibility and access they expect—without compromising the safety of your sensitive company information.

In the cloud, more intelligence leads to better control. Real-time monitoring, logging and correlation of thousands of access and user events from disconnected cloud services, business applications, security tools and IT systems allows CISOs and other business executives to stop worrying about data loss and better prove compliance in the cloud.

Something for Everyone

By combining identity protection and data protection in the cloud, you can finally meet the expectations and requirements of everyone in your organization.

End Users

  • Log in one time for access to all cloud apps and resources with a single password, PIN, or fingerprint
  • Enjoy fast, convenient, and secure access to apps and information from any device

IT Departments

  • Gain a single point of control for cloud identity protection, data protection, and intelligent monitoring and remediation
  • Grant secure access to cloud apps and services quickly
  • Extend existing security infrastructure to cloud environments
  • Monitor and track all cloud users, apps, and services

CISOs and other Executives

  • Transform “Shadow IT” from a liability into an asset
  • Strike the perfect balance between productivity and control
  • Stay out of the headlines with improved protection against data loss and breaches
  • Prove compliance across mobile devices and cloud environments

Symantec Identity: Access Manager

Your next generation control platform for the cloud

Deploy on-premise or in the cloud

Quickly add new apps to the catalog and assign enforceable identity- and context-based access controls

Enable single sign-on with strong authentication

Reduce complexity by extending existing infrastructures and user directories to the cloud

Lay the foundation for a comprehensive Information Protection solution with integrated DLP, risk assessment, and automated remediation

Chapter 4

Introducing Symantec Identity: Access Manager

The best foundation for comprehensive information protection in the cloud

Understanding the importance and value of protecting identities and managing information in mobile, cloud-centered environments is one thing. But building a strong, flexible technology foundation to make that happen requires careful thought and the right technology choices.

Symantec has been a strong leader in identity protection and data protection technology for years. Now, we're extending and applying that experience to today's mobile and cloud environments with a new solution called Symantec Identity: Access Manager.

Access Manager starts by using Symantec Validation and ID Protection (VIP) and Symantec Managed PKI to bring integrated single sign-on (SSO) and strong authentication to mobile devices. With Access Manager, your users can log in one time using a password, PIN, or even a fingerprint to safely access all of their cloud apps and information. This helps secure mobile devices by eliminating bad password practices and gives your users fast, easy access to the resources they need.

Next, Access Manager provides flexible, easy-to-create connectors and unified identity- and context-based access control for virtually any cloud app or service, which means you can enforce your security and compliance policies, log your activities to stay compliant, and ultimately turn those rogue apps into legitimate productivity tools.

Access Manager is every bit as flexible as it is powerful. You can choose to deploy it on-premise or in the cloud, depending on the needs of your organization. And because Access Manager integrates seamlessly with your existing infrastructure, it reduces complexity by providing a convenient central point for managing all of your different user directories.

Chapter 5

Exploring the Future of Anytime, Anywhere Information Protection

Access Manager – a flexible foundation

Symantec Identity: Access Manager provides the control, convenience, and compliance you need today as your users, be they remote, mobile, or 'traditional' on-premises users, are almost certainly already utilizing at least one cloud-based application. But it's not just about getting the peace of mind you need today, it also provides a strong, flexible foundation you can use to develop an even more capable and comprehensive Information Protection solution in the future.

An effective information protection platform starts with information governance, including the ability to extend data loss prevention (DLP) capabilities to mobile devices and cloud-based applications and data. This makes it possible to discover sensitive data across different cloud apps and services—and then automatically invoke remediation actions like enforcing data encryption or simply putting the access or transmission request on hold until it can be investigated and approved by the data custodian or policy owner.

The ability to assess risks across cloud apps and quickly detect suspicious activities will have a major impact on your efforts to contain damage from attacks—whether it's quickly zeroing in on compromised cloud accounts or identifying risky offenders. For example, early identification of a risky user allows you to quickly begin investigating possible motivations for an attack, which can also help you determine the potential severity.  The ability to correlate risky users with lists of employees who have resigned or other situational events can help you determine whether the user is simply a disgruntled ex-employee or an unwitting player in an advanced targeted attack. This makes it possible to gauge the seriousness and sophistication of an attack, so you can quickly plan the most appropriate response.

Finally, it's important to remember that your information protection solution should never work in a vacuum. Information protection needs to be an integral part of your larger security strategy, so you can integrate and correlate information with threat protection engines and other security technologies and resources. This will make it possible to extend unified, intelligent protection across every part of your hybrid environment.

The bottom line is that with Access Manager as the foundation, you will soon be able to build an Information Protection solution that delivers the control, convenience, and compliance you need to turn the convergence of cloud and mobile from a risky challenge into a business-altering opportunity.

Together, cloud and mobile have changed the IT industry and the way people view and use technology forever. But with the right mindset and a strong information protection foundation, you can do much more than react and adapt. Learn more about how Symantec can help you harness the full flexibility and freedom of today’s mobile, cloud-driven world—while still maintaining the control you need to keep your information and organization safe.


Intelligent Information Protection in Action

Friday, 4:45 pm: A user named Amy makes a number of failed login attempts before gaining access to the network

4:52 pm: She attempts to access a file on a cloud service that she is not authorized to access

4:58 pm: Amy successfully accesses a different file that contains a sensitive product roadmap

5:02 pm: Based on this series of activities, Amy is tagged as a potential risk

5:03 pm: Amy attempts to copy the file to an unsanctioned cloud app

5:04 pm: Remediation begins automatically, quarantines the file, and issues an authentication challenge. If Amy fails the challenge, she will be locked out.

5:10 pm: Amy’s identity is correlated with the recipients of a suspicious email attack, and IT investigates

5:22 pm: Amy is identified and confirmed as the innocent victim of a targeted attack, not a malicious insider.

5:30 pm: As the attack is investigated and resolved, Amy receives a new credential, so she can enjoy her weekend and get straight back to work on Monday morning.
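
The correlation in the timeline above can be sketched as a small scoring engine. This is an added Python example, not Symantec's code or part of the original page; the event names, weights, threshold, window, file names and app names are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)   # assumed correlation window
RISK_THRESHOLD = 5               # assumed score at which a user is tagged
WEIGHTS = {"fail_burst_then_login": 2, "access_denied": 2, "sensitive_read": 1}
SENSITIVE = {"product/roadmap.pdf"}    # constructed DLP classification
SANCTIONED = {"corp-drive.example"}    # constructed approved-app list

def event(time, user, kind, target=None, dest=None):
    return {"time": time, "user": user, "kind": kind, "target": target, "dest": dest}

# Constructed sample events, deliberately out of order as if merged from separate sources.
EVENTS = [event("16:45", "amy", "login_failed")] * 3 + [
    event("16:45", "amy", "login_ok"),
    event("16:52", "amy", "access_denied", target="finance/q3.xlsx"),
    event("16:58", "amy", "file_read", target="product/roadmap.pdf"),
    event("17:03", "amy", "file_copy", "product/roadmap.pdf", "personal-share.example"),
    event("16:50", "bob", "login_failed"),
    event("16:51", "bob", "login_ok"),
    event("17:00", "bob", "file_read", target="product/roadmap.pdf"),
    event("17:01", "bob", "file_copy", "product/roadmap.pdf", "personal-share.example"),
]

t = lambda hhmm: datetime.strptime(hhmm, "%H:%M")

def correlate(events):
    """Replay events in time order; return ({user: time_tagged}, [actions])."""
    signals, fails = defaultdict(list), defaultdict(list)
    tagged, actions = {}, []
    for e in sorted(events, key=lambda e: t(e["time"])):
        now, user, kind = t(e["time"]), e["user"], e["kind"]
        if kind == "login_failed":
            fails[user].append(now)
        elif kind == "login_ok":
            # Three or more failures in the 5 minutes before a success is one signal.
            if sum(now - f <= timedelta(minutes=5) for f in fails[user]) >= 3:
                signals[user].append((now, "fail_burst_then_login"))
            fails[user].clear()
        elif kind == "access_denied":
            signals[user].append((now, "access_denied"))
        elif kind == "file_read" and e["target"] in SENSITIVE:
            signals[user].append((now, "sensitive_read"))
        elif kind == "file_copy" and e["dest"] not in SANCTIONED:
            # Same DLP event, different response depending on the user's risk state.
            verdict = "quarantine_file+auth_challenge" if user in tagged else "dlp_incident_logged"
            actions.append((e["time"], user, verdict))
        score = sum(WEIGHTS[s] for ts, s in signals[user] if now - ts <= WINDOW)
        if score >= RISK_THRESHOLD and user not in tagged:
            tagged[user] = e["time"]
    return tagged, actions
```

No single event tags Amy; only the combination inside the window crosses the threshold, while the second constructed user, who reads and copies the same file without the preceding signals, only generates a logged DLP incident.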