ITMPI FLAT 001
Main Menu
Home / IT Governance / Security Manager’s Journal: On the lookout for rogue IT

Security Manager’s Journal: On the lookout for rogue IT

How do you manage “rogue IT” — and do you know what that term means? Rogue IT is when someone in your company (who nowadays only requires a credit card and a SaaS solution) has bought a piece of software without going through the proper channels and security reviews. This is a new type of threat: unmanaged, unmonitored use of cloud based services that can threaten intellectual property of an entire company. Recently, Mathias Thurman encountered such a problem: Thurman was asked to whitelist a domain for use by a team in Hyderabad, India. While the domain didn’t seem troublesome, Thurman dug deeper: The domain in question didn’t set off any alarms and didn’t appear to be malicious. OK, so what’s the business justification? The request was from our customer service operations center in Hyderabad, India. The folks there told us they were deploying a new Web-based tool to give our customers access to certain knowledge-base data held on our internal servers. But our IT enterprise applications team knew nothing about this application. In other words, we had stumbled upon the deployment of a customer-facing application that was bypassing our strict review process. The danger was apparent: the domain itself wasn’t a threat, but if it were permitted to be used, there was a good chance important IP would be exposed. Thurman put a stop to the work, and avoided a bad situation just in time. The lesson? Controlling remote resources in a time of easy solution purchasing is tricky, but required.

About Anne Grybowski

Anne is a former staff writer for CAI's Accelerating IT Success, with a degree in Media Studies from Penn State University.

Check Also

How Your Service Desk Can Support Digital Transformation

Digital transformation is the mandate for all companies. But going digital requires good threat protection, …

Leave a Reply

Your email address will not be published. Required fields are marked *