Shadow IT – The Demon in the Corner?

Nowadays everybody’s talking about the next major transformational piece in the IT jigsaw, and for those not yet up to speed, it’s Cloud Computing! Whether it’s private, public or hybrid cloud, if you don’t yet have a cloud strategy then my advice is to get one… And if you are one of the non-believers then might I be so bold as to suggest that you wise up!

Cloud computing is upon us and in one fell swoop the traditional network perimeter is dissolving as assets mobilise and shift to the web. For those who are still in denial, this isn’t dissimilar to the onslaught of VMware back in the early 2000s – back then R&D teams suddenly realised that they could virtualise multiple platforms on to the same piece of tin and with it IT Agility was born. No longer did they have to go cap in hand to the IT Director for resource – they could use the same tin they already had. And before long we saw VMware hit production environments and their organic growth has been assured ever since. Now what has this to do with cloud?

The monumental growth in bandwidth, processing power and storage has once again enabled R&D teams, who have accelerated their outcomes by flexing to the cloud, initially with the same VMware platforms they have always used but increasingly with a plethora of other technologies too. Talk now is of “As a Service” cloud solutions, and whether it’s Software, Platform or Infrastructure as a Service the impact is the same – the concept of 2 Speed IT – of rapidly developing IT in the cloud whilst allowing traditional IT to continue at a slower pace.

And the challenge doesn’t stop there – cloud will become as pervasive as VMware did in the noughties and for now the only question is to what timescale.

But what has this to do with Shadow IT?

“Shadow IT is a term often used to describe information-technology systems and solutions built and used inside organizations without explicit organizational approval. It is also used, along with the term ‘Stealth IT’, to describe solutions specified and deployed by departments other than the IT department” [Wikipedia]

I’ve yet to find a commercial organisation that isn’t suffering the effects of Shadow IT – it’s been around for years and most IT departments turn a blind eye to it, which is why it’s becoming a menace. I sat down with a CIO a couple of years ago and asked him what his biggest security challenge was. His reply surprised me as it was Facebook, which should have been governed by his internet acceptable use policy but alas was being used as a collaboration tool because his department hadn’t been agile enough to deliver a corporate solution in a timely manner! The company and industry sector will remain nameless but suffice to say, key data assets had leaked to Facebook and retrieving them was a monumental task for the company concerned and involved considerable cost. And this wasn’t malicious – the users were Hacking Work in order to become more efficient and to do their jobs faster, quicker and better – the trouble was that IT had hindered and not enabled this process.

Wind forward a few years and we see “acceptable” migration to the cloud as it becomes mainstream – the trouble is that it isn’t acceptable, as the organisations we work for are governed by compliance and data protection laws that mean it should be at the top of every security officer’s agenda to know where data is migrating to.

The challenge is that with many browsers defaulting to SSL, traditional policing solutions such as firewalls and web gateways don’t have visibility of the web traffic. That is why it should be a strategic imperative for organisations to know what Shadow IT is being used to leak data from the corporate enclave, and why Shadow IT is such a menace.

InfoSecurity People’s Shadow IT Assessment service aims to help organisations understand the extent of their problem. Whether the goal is to stem the flow of information from the corporate perimeter or to enable it in a controlled fashion, our consultants are here to help. Shameless plug aside, when your users start hacking work then IT has lost its agility and ability to enable and has become a hindrance to progress. Wake up to the threats posed by Shadow IT and please try to tame the beast before it becomes a menace.

[#Shadow IT #GDPR #Data Protection #Hacking Work]