How do you manage “rogue IT” — and do you know what that term means? Rogue IT is when someone in your company (who nowadays only requires a credit card and a SaaS solution) has bought a piece of software without going through the proper channels and security reviews. This is a new type of threat: unmanaged, unmonitored use of cloud based services that can threaten intellectual property of an entire company. Recently, Mathias Thurman encountered such a problem: Thurman was asked to whitelist a domain for use by a team in Hyderabad, India. While the domain didn’t seem troublesome, Thurman dug deeper: The domain in question didn’t set off any alarms and didn’t appear to be malicious. OK, so what’s the business justification? The request was from our customer service operations center in Hyderabad, India. The folks there told us they were deploying a new Web-based tool to give our customers access to certain knowledge-base data held on our internal servers. But our IT enterprise applications team knew nothing about this application. In other words, we had stumbled upon the deployment of a customer-facing application that was bypassing our strict review process. The danger was apparent: the domain itself wasn’t a threat, but if it were permitted to be used, there was a good chance important IP would be exposed. Thurman put a stop to the work, and avoided a bad situation just in time. The lesson? Controlling remote resources in a time of easy solution purchasing is tricky, but required.