Shadow IT

When I heard of the term “Shadow IT” the first thing that came to mind was Ra’s al Ghul’s League of Shadows. What is Shadow IT? It is a term used to describe information technology systems and solutions built and used inside organizations without explicit organizational approval.

Shadow IT is relevant for IT professionals as well as everyone else. Today I will be talking about us IT professionals.

In our workplace, our roles have grown from the conventional job description. We now must wear multiple hats. We usually use many different tools and software that assist us with the tasks that we need to accomplish. Sometimes the tools and software we use can be compromised or the websites that we download from might package malware with the software.

There is a huge impact of Shadow IT. A recent study from EMC suggests that data loss and downtime cost a total of $1.7 Trillion each year. Many businesses would be crippled if sensitive data were to be leaked. Data loss and downtime can happen if we download software or run a tool that might include a cryptolocker and start to encrypt files across the file server.

Organizations have guidelines to how new software is introduced to the environment. There is a process in place where proper testing is done in a sand boxed environment before it is introduced into production. When we bypass these procedures, we risk potential threats and attacks to the environment. This increases the risk for data loss and compromise.

We need to accept Shadow IT. We need to further educate ourselves as IT members of any organization. We need to cross train members of our team and keep in mind that we all posses elevated privileges.

Standardization of software should be implemented. We should all be on the same updated versions. Best practices should be in place when introducing new servers or applications to the network. Passwords should never be set to default, written down, or stored in an unencrypted file. We should never use our personal accounts to run any services and service accounts should not be allowed to logon interactively.

Change management processes should be implemented as well. There should be a structured was of keeping track of changes. With a proper change management in place, we can have checks and balances to prevent issues that may arise. Proper documentation and cross training with checks and balances in place can minimize Shadow IT in the workplace. There will always be a threat. Whether it is from the IT department or other employees.

We as professionals in the IT field have a duty to be responsible as well as ethical.

 

This article was written by Christopher Frank from Forbes and was legally licensed through the NewsCred publisher network.

The post Shadow IT appeared first on McAfee Blogs.

Read more: Shadow IT

Incoming search terms

Story added 23. February 2017, content source with full text you can find at link above.