ITMPI FLAT 002
Main Menu
Home / IT Governance / Security Manager’s Journal: On the lookout for rogue IT

Security Manager’s Journal: On the lookout for rogue IT

How do you manage “rogue IT” — and do you know what that term means? Rogue IT is when someone in your company (who nowadays only requires a credit card and a SaaS solution) has bought a piece of software without going through the proper channels and security reviews. This is a new type of threat: unmanaged, unmonitored use of cloud based services that can threaten intellectual property of an entire company. Recently, Mathias Thurman encountered such a problem: Thurman was asked to whitelist a domain for use by a team in Hyderabad, India. While the domain didn’t seem troublesome, Thurman dug deeper: The domain in question didn’t set off any alarms and didn’t appear to be malicious. OK, so what’s the business justification? The request was from our customer service operations center in Hyderabad, India. The folks there told us they were deploying a new Web-based tool to give our customers access to certain knowledge-base data held on our internal servers. But our IT enterprise applications team knew nothing about this application. In other words, we had stumbled upon the deployment of a customer-facing application that was bypassing our strict review process. The danger was apparent: the domain itself wasn’t a threat, but if it were permitted to be used, there was a good chance important IP would be exposed. Thurman put a stop to the work, and avoided a bad situation just in time. The lesson? Controlling remote resources in a time of easy solution purchasing is tricky, but required.

About Anne Grybowski

Anne is a former staff writer for CAI's Accelerating IT Success, with a degree in Media Studies from Penn State University.

Check Also

7 Habits of Highly Effective Release Managers

Release management is a big deal, in that it is usually the thing underscoring statements …

Leave a Reply

Your email address will not be published. Required fields are marked *

Sorry, but this content
is for our subscribers only!

But subscribing to ACCELERATING IT SUCCESS is FREE and only one click away!
Join more than 40,000 IT Professionals and get the best IT management articles to your mailbox with Accelerating IT Success!

Unsubscribe at any time