You need something from the basement, but it’s as dark as pitch down there. You flick on a light to see something scurry into a corner, into the shadows. Do you dash back upstairs and conveniently forget about what you saw, or do you bravely reach for the flashlight and pursue the enigma further? That’s the kind of dilemma IT faces all the time. In an article for Fierce CIO, Torsten George explores the notion of shadow IT: the unsanctioned use of apps and technologies by business users and departments alike.
Why Pursue Shadow IT?
IT has standards for a reason. COBIT, Basel II, HIPAA, FISMA, PCI DSS: they’re all designed to prevent the kind of havoc that shadow IT inevitably produces. You know, like security gaps, misaligned systems, inconsistent service level agreements, and lack of visibility over security and controls. In a word, shadow IT is risky.
Identify and Neutralize
What kind of shadowy creatures are slinking around the corners of your organization? Perhaps you’ve got a SaaS infestation, a swarm of cloud use, or an invasion of unregistered apps. Before these pests eat away at the foundation of your institution by causing power outages, data loss, or unauthorized disclosure, take action to secure the premises with these easy tips:
- Tip 1: Build a better IT environment, one that can withstand the intrusion of cloud-based applications by securely monitoring and handling those applications.
- Tip 2: Develop a standard policy for handling cloud applications in every instance, allowing employees the benefit of understanding what does and doesn’t count as shadow IT.
- Tip 3: Allow non-approved and cloud-based applications to flourish by channeling them through the proper security encryption.
As George notes, cloud providers should themselves be held accountable for the kind of security risks posed by shadow IT. Organizational trust is something that doesn’t run from the light.
Read the full article at: http://www.fiercecio.com/story/shining-light-shadow-it/2014-09-04