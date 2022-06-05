



Editor’s Note: Steve Cobb is Chief Information Security Officer (CISO) at One Source, a managed services provider (MSP) based in Greenville, NC. The company was one of the award-nominated companies from NCTECH. Cobb has over 25 years of business IT leadership in strategic deployments of IT infrastructure, cybersecurity, incident response and cyber threat intelligence. This article is published only on WRAL TechWire and follows the WRAL TechWire article published earlier this year.

Green Building – As digital transformation accelerates during the COVID-19 pandemic, many companies maintain control over IT assets and policies and give employees flexibility in a changing work environment. I noticed that the tension between things was increasing.

Many are adopting new applications to serve remote employees, streamline operations, and make their IT environments more decentralized. While this proved to be effective in managing pandemic-related issues, it often accelerated the gap between business units and the IT department known as Shadow IT.

The intent behind Shadow IT is positive and usually stems from the desire to ensure that the operations team is servicing customers and solving their own problems to facilitate the work of their employees. I am. However, leaving it unchecked can be a cybersecurity, operational, and financial burden over time.

Here are some steps to help you identify and manage Shadow IT as your enterprise navigates the evolving IT landscape.

Five cybersecurity risks posed by “Shadow IT”

Sorting pieces

One of the inherent risks associated with Shadow IT is the increased likelihood of uncontrolled data flow. This can lead to hosting security and compliance issues. Because of these risks, Gartner previously predicted that by 2020, one-third of the successful attacks a company would experience would be against Shadow IT resources.

To combat these dangers, companies need to have a complete picture of the technology environment as a whole. Revealing Shadow IT can unintentionally trigger budgetary and political tensions within an organization. This is often a reaction to reducing the required costs and containing cyber risk. Of course, companies can only improve what they can see.

1. Audit + discovery

Discovering Shadow IT can often be a daunting task, but it can save your organization costs in the long run.

Companies can start by going directly to their employees and inquiring about the technologies and services they use in their daily work.

These first conversations can help identify unauthorized technologies and help employees understand why they use them.

It is also helpful to follow the money trail analysis statement from the accounting department to decipher where decentralized spending may be occurring.

2. Management

After identifying shadow IT issues, companies need to decide whether technology and costs are controlled by the business unit or the IT department.

You should conduct a cross-section interview with your users to find out why they are using personal devices, software, or cloud services that are not authorized at work.

If you decide to keep the technology in your business unit, you will bear the cost and work with your IT department to manage the technology.

3. Create controls and policies

Enterprises need to implement both technology-based and policy-based controls to address identified shadow IT issues. Enforcing policies is important, but the more policies a company has and the more complex they are, the more time and energy it takes to properly enforce them. In short, the key to effective policy enforcement is to implement the minimum number of simple and manageable policies needed to achieve your goals.

It is imperative that IT teams develop best practices on how employees use external products and must implement policies before deploying new technologies. Educating employees about approved and already available solutions can also help them make better decisions about the software and services they need to be productive.

Strong connection

Shadow IT poses an unknown danger. And as departments continue to add technology and services without IT knowledge, enterprises become increasingly exposed. Decentralization significantly reduces visibility to owned assets, accessed applications, and connected or out-of-contract connection services.

Shadow IT can be a complex challenge to deal with, but there are resources available to NC companies to overcome the problems and decentralization caused by digital migration. Working with experienced managed service partners (MSPs), IT teams can instill the tools needed to automate their technology landscape through integration with HR, operations, and finance teams to ensure the accuracy of their unique technology environment. You can work on the process of taking a nice snapshot.

Whether your company has internal resources to handle Shadow IT or is working with a service partner, this is a timely topic to consider now as your IT team overcomes the pandemic and builds a strategy. .. As digital transformation continues, businesses can rest assured that what’s in the shadows will be revealed.

