NTT Security is taking part in Cyber Security Month, a major campaign to increase people’s awareness of the key role they can play in ensuring the security of networks and information systems. Last week, we focused on cybersecurity in banking and, in the second of our series of blog posts, we talk about Cyber Security Month’s second theme: cyber safety.
Today’s workforce likes open ways of working. However while employees may believe tech self-reliance enables them to do their jobs with better results, they are not security or compliance specialists.
Powerful and easy-to-acquire tools and technologies – such as Dropbox for quickly sharing a file with a colleague or partner, to Amazon Web Services for spinning up development environments fast and Skype for quick and easy group communication – have ushered in an era of business self-sufficiency. Tech-savvy users now increasingly purchase, control and provision their own services and solutions without going through the IT department
This shift to the widespread use of applications that are not sanctioned or managed by IT is called “Shadow IT”.
For most employees, thinking about how the applications they use, what they post on social media, or whether the websites they access fit within an enterprise’s security architecture is not even given a second thought. So if every employee, from HR to Marketing, starts working independently to store and share data, the growth of Shadow IT will create a security and risk time bomb.
So what should an organisation do about Shadow IT? Surely all that needs to happen is for a strong IT department to find the source of the Shadow IT and shut it down? Well…not really. It’s important to realise that employees often use Shadow IT to implement new ideas and get things done faster; all of which, are done for the overall benefit of the organisation.
It’s important to be realistic about the use of Shadow IT and ensure that the innovation goals of employees and the business can continue to grow at all times. Any risks associated with using new IT must be managed carefully, introducing controls which integrate Shadow IT systems or devices with enterprise security policies and compliance frameworks.
Click here to read our full In View on Shadow IT which discusses why Shadow IT is becoming increasingly popular in more detail and what organisations can do to manage the risks that arise from it.