Gartner has predicted that by 2020 one-third of security breaches will be caused by shadow IT. Shadow IT refers to the applications and IoT devices that your employees use without the permission of your IT team. According to Symantec’s 2017 Internet Security Threat Report, employees are using up to 1,000 applications in their workplace, and less than 1% of these applications are approved.
Recently, Dave Palmer, the Director of Technology at Darktrace, described to Financial News a data breach incident where a fish tank at a company was used to store and transfer sensitive data out of the building. This illicit activity made use of the fish tank’s Wi-Fi connection that monitored the tank’s water levels. This is just one example of the many ways that shadow IT can be used against an organization.
The risk of shadow IT is the stuff of nightmares for many CIOs. How can you combat this increasing threat in your own organization? After consulting our cybersecurity and compliance experts, we offer three tips for combating shadow IT:
Perform Regular Network Scans to Take Inventory of Who is Using What Programs
The initial scan that you perform should be brought to the attention of your entire organization. It is important to understand who in your organization is using what programs. Most employees are not participating in shadow IT for malicious purposes; in fact, they often turn to these applications because of an inefficiency in the company-approved ones.
After the initial scan, it is important to keep using network sniffers and security scanning tools to check your network for new and unknown tools. These scans do not necessarily stop a data breach; however, they do give your IT team insights that can be used to perform risk assessments or to provide alternative applications to employees.
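As an illustration of what such a recurring inventory can look like, the following added example (not code from the original article) groups scan results by application, drops the approved ones, and marks anything that was absent from the previous scan. The record format, host names, user names and allowlist are all constructed assumptions; a real export from your proxy, DNS or scanning tool will need its own parsing.

```python
from collections import defaultdict

# Constructed sample data: (user or device, department, destination host), as a
# proxy or DNS log export might yield. Every name here is made up.
SCAN_RECORDS = [
    ("alice", "finance", "files.approved-storage.example"),
    ("alice", "finance", "app.quick-share.example"),
    ("bob", "marketing", "App.Quick-Share.example."),
    ("bob", "marketing", "chat.approved-chat.example"),
    ("carol", "marketing", "boards.task-tool.example"),
    ("tank-sensor-01", "facilities", "telemetry.iot-vendor.example"),
]
APPROVED = {"files.approved-storage.example", "chat.approved-chat.example"}
PREVIOUS_SCAN = APPROVED | {"app.quick-share.example"}  # hosts seen last time


def inventory(records):
    """Map each destination host to the users and departments seen using it."""
    inv = defaultdict(lambda: {"users": set(), "departments": set()})
    for user, dept, host in records:
        host = host.strip().lower().rstrip(".")  # normalise case and trailing dot
        inv[host]["users"].add(user)
        inv[host]["departments"].add(dept)
    return dict(inv)


def unapproved_report(records, approved, previous):
    """Return unapproved destinations, most widely used first."""
    rows = []
    for host, seen in inventory(records).items():
        if host in approved:
            continue
        rows.append({
            "host": host,
            "users": sorted(seen["users"]),
            "departments": sorted(seen["departments"]),
            "new_since_last_scan": host not in previous,
        })
    # Widely used tools first: they point at the unmet needs to raise with departments.
    rows.sort(key=lambda r: (-len(r["users"]), r["host"]))
    return rows


if __name__ == "__main__":
    for row in unapproved_report(SCAN_RECORDS, APPROVED, PREVIOUS_SCAN):
        status = "NEW" if row["new_since_last_scan"] else "known"
        print(f'{row["host"]:32} {status:5} {",".join(row["departments"])} {row["users"]}')
```

The per-department grouping gives the IT team a concrete list to bring to each department when discussing alternatives.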
Open the Shadow IT Discussion to the Entire Organization
Once you have the initial report of the applications your organization is using, open an ongoing conversation with the entire organization. To prevent the illicit use of an application, it is important that employees feel their needs are being met. Take the time to listen to each department's needs and how it is trying to solve them. When you ban a tool due to a security concern, make sure to offer an alternative.
Schedule Regular Meetings With Department Heads To Discuss Their Application Requirements
To effectively prevent shadow IT, you must develop ongoing communication between department heads and your IT team. It is important to meet regularly to discuss technology, compliance, and security strategies. As CIO, you should have an understanding of the technology requirements of the organization as a whole and how to meet those needs.
Communication and flexibility are requirements for your cybersecurity. Implement the above practices to prevent shadow IT within your organization. For further cybersecurity assistance, contact the Crossroads Security & Compliance Consultants.