Employees Acting as IT? Only the Shadow Knows.

Production – not malicious activity – is often the catalyst behind an employee’s use of unapproved technologies.

But the proliferation of these technologies, which are easily downloaded from the Internet or cloud applications, can lead to security and compliance risks for the organization as a whole.

Surveys suggest that many employees who download unapproved software or applications are simply trying to be more productive and see waiting on the IT staff as an impediment. This practice is known as “Shadow IT.”

A Frost & Sullivan study found that more than 80 percent of survey respondents admit to using non-approved Software as a Service (SaaS) applications in their jobs. And most IT departments have no idea of the scope of Shadow IT at their organizations.

What’s even worse: about 23 percent of employees in an Intel Security survey said they handle data security in their departments without ever contacting IT.

This means that many departments are using unapproved technologies that may hinder your organization’s efforts to meet defined data security practices and can put your compliance efforts at risk of being invalidated.

Here’s what you can do to help your staff come out of the shadows:

  1. Have a Security Policy: A good security policy begins with a Strategic Security Assessment. Once you know where your issues lie, you can build policies that meet your organization’s specific needs.
  2. Education: Train your staff often about what your security and compliance policies state and where they can go to refresh their memories on these policies should they have questions in the future.
  3. Allow your policy to be fluid: Provide a list of sanctioned applications and offer to evaluate new services to expand the list.
  4. Log and Monitor: Despite your efforts, some employees will still fail to follow the rules. Monitoring activities can let you know the sites employees are visiting. A Managed Security Services Provider can assist with this.
  5. Use Data Loss Prevention (DLP) software: This can be configured to restrict the flow of data to cloud apps or other locations where employees are downloading unapproved technologies.

After all, the biggest risk of Shadow IT is the unintentional disclosure of data that can result in fines, legal fees, your company’s loss of compliance and a hit to your organization’s reputation.

Sword & Shield has more than 20 years of experience helping organizations maintain the most comprehensive security posture possible. To learn how to balance your security profile with the production needs of employees, reach out to us for a free consultation.

