The Heads Up: Shadow IT – Light Up The Dark Side
Digital infrastructures can be both a curse and a blessing. They allow us to progress technically and positively influence the way in which we work, but can inevitably make organisations more vulnerable to cyber attacks and also make it increasingly difficult for IT teams to control. In the ‘digital jungle’, computers, laptops and private mobile devices (BYOD – bring your own device) are used to access both internal data and external cloud applications. However, which external services are being accessed? This is not always obvious to the IT team.
Loss of IT control
When users find the applications provided by the IT team too much hassle or lacking in functionality, it’s easy to cut through the red tape and deploy apps at will, without the knowledge or approval of the IT team. Just log in, upload, share and it’s done. The question is, who controls it?
Shadow IT presents a major challenge for IT executives. Having very little visibility into where the organisation’s critical data is located, who has access to it, and what security controls are in place poses a hefty risk to the entire organization.
Shadow IT does however, also have its benefits. Integrating new cloud applications into the workplace can lead to greater innovation and productivity. Employees can use the tools that best serve their tasks. Banning the use of cloud applications can often hinder creativity and do more harm than good.
The reality is that there are very few ways to stop the practice – and there is actually no need to do so. This is not to say that you shouldn’t try to shine as much light as possible into the darkness of the IT landscape. These days, there are technologies available that allow IT teams to easily manage the use of Cloud Apps. Censornet’s Unified Security System (USS) gives users the freedom to safely use applications in the cloud. It monitors and tracks the use of all cloud applications, even unauthorised ones, when and how they are being used. Cloud Application Control is an element of USS.
This way, IT managers find out about unauthorised but popular cloud applications and have the opportunity to control and approve their use. For example, Dropbox and other file-sharing services are not fundamentally dangerous, but some risky features such as uploading or sharing critical business data might need to be strictly controlled.
Educate your employees
Instead of stoking the fear of hackers, organisations need to acknowledge that everyone, especially their own employees, poses a threat to IT security, intentionally or unintentionally. That’s why in addition to the use of modern security technologies, staff education should always be a top priority. Realising that corporate data can quickly get into the wrong hands via cloud applications and putting processes in place to ensure staff think twice about this is the first step towards improving IT security.