Written by Dave Stelzl CISSP

Shadow IT – Another Security Opportunity

shadowShadow IT – It’s Everywhere

CIOs see Shadow IT  as another aggravation in the way of them doing their job.  

Shadow IT is much more serious than job aggravation. Like Spam (something end users see as a time waste) it’s more of a threat than inconvenience.

Where there’s a threat, there’s an opportunity…an urgency to fix the emerging security holes.

What Is Shadow IT?

It’s Hillary using gmail. It’s IT using back doors to managed their systems from home. It’s end users downloading unauthorized apps to get their jobs done faster. It’s the giant DEC VAX Implementation I discovered at a large pharmaceutical manufacturer (one you would surely recognize if I were to name it) during an assessment years ago.  No kidding, the IT department swore the entire company was IBM – little did they know, R&D had installed a global VAX network behind the scenes, and no one knew about it!

Here’s The Problem – And It’s Big

Sound Bites: According to a study published by Cisco Systems this year,…

  • 38% of business and 32% of IT workers use non-approved apps because IT approval processes are too slow.
  • 24% of those surveyed use non-approved SaaS apps because they are better than the approved alternative.
  • 18% of business and 14% of IT workers use these apps because the approved tools don’t perform needed functions.

In another study published by Second Watch, 93 percent of enterprise business units are using the cloud, while a substantial 61 percent of them are bypassing their IT departments and doing it themselves.”$1 HC Book Ad

The two big Issues Named in both studies are Cost and Security. The cost represents about 20% of the IT budget – which is a big number. But the security is the bigger issue. At least 30% of the study respondents were concerned with what this does to security. But think about it, who’s securing these applications if IT isn’t?

This is the perfect lead in to an assessment.  First, to discover where a company’s data is – many larger companies have no idea where their data is. Unstructured data is out of control as soon as Shadow IT enters the picture – reference Hillary’s email issues…Second, looking at end node security is now more important than ever. You can be sure much of this computing is being done on personal devices…so how secure are they?

Please comment – where are you seeing new opportunities with Shadow IT, and how are your IT and CIO contacts reacting to this expanding problem?

© 2016, David Stelzl

 

Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s