How to Reduce Risks of Shadow IT


Upload: clickssl

Post on 13-Apr-2017


Category:

Software



TRANSCRIPT

Page 1: How to Reduce Risks of Shadow IT

How to Reduce Risks of Shadow IT: Steps to Reduce Shadow IT Risk in Your Organization


What is Shadow IT?

“Shadow IT describes information technology systems and solutions that are used within an organization without the organization's approval. It is sometimes termed “Stealth IT” to describe solutions provided by departments other than the IT department.”


Generally speaking, there is normally no malicious intent when employees adopt another system. Most see it as something to help them get their job done, quite often seeing their IT department's policies as an impediment rather than an enabler. Shadow IT is more than various devices being connected to a corporate network. Personal devices being connected are part of the problem, but so are the cloud-based applications that employees and corporate guests connect to every day; these include applications such as Dropbox, Facebook and Apple iCloud.


80%: A study by Frost & Sullivan and Intel Security found that more than 80% of respondents admitted to using non-approved SaaS applications in their job.


How to Reduce Shadow IT Risk?


Step #1 Prevent Unauthorized Device Access


Perhaps the most basic protection against such risks would be to prevent unauthorized devices (personal devices, for example) from connecting to the corporate network. A smaller step could be to block such devices unless they are pre-configured with Mobile Device Management (MDM) software that can create secure links to the corporate network. If employees have a company device, there are other benefits, such as the ability to wipe any data if the device is lost or stolen or the employee no longer works for the organization.


Step #2 Education and Training


Any organization concerned with shadow IT management or risk should introduce basic measures; this could be something as simple as training, or checklists that cover best practices and policies. Education is the single most effective tool for improving security, policies, and practices. Organizations could also bring newsletters, role-play and videos based on real-life scenarios into the training environment.


As part of the training and education, it should be necessary to create lists of sanctioned cloud services and of acceptable practice or behavior. However, these lists should be strictly adhered to, revisited regularly and kept fluid, allowing them to be updated either on a schedule or as and when needed.

Another simple step could be for the finance department to monitor expenses, actively looking for references to unauthorized applications. This will not reduce the use of these applications, but it could be used to trigger other procedures that investigate these unauthorized uses further.


Step #3 Minimize File Occurrences


Whilst many employees understand that if a file is emailed there will be some digital reference to it on the email server, they may not realise that other processes can also create a digital footprint or reference to the file; for example, most enterprise printers store files sent to them on an internal disk. This means that there could be many instances of the supposedly secure file stored on other networks, and these networks are generally less secure, meaning that unauthorized access (either from an employee or, worse still, a hacker) is a very real possibility.


Step #4 Implement Control Procedure


Introducing a blanket ban on all SaaS applications that do not currently fit within the enterprise guidelines is not always practical and is usually a very cost-heavy process. It is better to try to integrate the more popular applications within your processes rather than exclude them. However, this does require strict monitoring and control procedures; it cannot just be a free-access network.

By implementing control procedures, it is possible to implement a security solution that works for the benefit of both the enterprise and the employee. There are many solutions that provide policy-based control; for example, they let employees access applications such as Facebook but restrict access to the chat function, or automatically enable secure encryption for files before they are uploaded to third-party applications such as Dropbox.
