Infosec 2016: AIB Guards Itself Against Shadow IT With Greater Cloud Visibility

Skyhigh Networks identifies 2,500 cloud services on AIB’s network, helping the bank protect itself from data breaches

Allied Irish Bank (AIB) is working with Skyhigh Networks to gain greater visibility over its use of cloud applications, helping the bank to prevent data breaches and protect its customers.

The state-owned bank is one of the ‘big four’ in Ireland and has more than 10,000 employees, serving retail, small business and corporate customers.

More than 630,000 customers use its mobile applications each month, while cloud services power a number of its internal business processes, as well as its biometric login capabilities. AIB says it plans to use the cloud more in the future and wanted to ensure it was compliant and secure given the sensitivity of the information it handles.

Protecting bank customers

AIB Dublin bankl 2Many employees use cloud applications not approved by IT departments, increasing the risk of breaches. Shadow IT has become a greater concern to businesses in recent times and a number of high profile breaches at banks have also increased awareness.

“Protecting customer data is paramount to AIB,” said David Cahill, security strategy & architecture manager at AIB. “Times have changed, however, and cybersecurity no longer ends at the network perimeter.

“Employees are using a multitude of cloud services in order to do their job more effectively, something that we need to embrace if we’re to stay competitive in an increasing agile and digital world. Our initial step into cloud adoption security was therefore driven by needing to improve visibility into exactly which services were being used and how.”

Skyhigh Networks discovered 2,500 cloud services on AIB’s network and ranked each services by its data, legal, business and compliance risk. At present, AIB has processes in place to approve the use of certain services, but the partnership will help it streamline its decisions.

If a service is blocked on security grounds, employees will be told exactly why it isn’t authorised and will recommend an approved application instead.

“We sanction services like Box because they offer extremely high levels of usability, service and security. However, it’s not enough to simply buy a licence, we need to ensure they are being used and being used responsibly,” continued Cahill “Skyhigh’s granular analysis of sanctioned IT means the right cloud services are being used for the right reasons. Something that’s easier said than done.”

Recent research from Skyhigh Networks showed nearly three quarters of Microsoft Office 365 users suffer from at least one compromised account every month.

Think you know all about Microsoft Office? Try our quiz!