Post 'Clintongate': 3 Ways to Mitigate Shadow IT

By TechZone360 Special Guest
Asaf Cidon, Co-Founder & CEO, Sookasa
April 01, 2015

No matter what the consequences, people are going to use the technology that is easiest, most trusted, and most familiar to them. 

So it should come as no surprise that even Hillary Clinton relied on her personal email account while performing the duties of Secretary of State. Of course she’s high profile, but her own boss has made no secret of giving presidential preference to a BlackBerry.

What can enterprises learn from 'Clintongate'? The first lesson is that unapproved use of technology within organizations is known as “shadow IT,” and it’s here to stay. 

Employees become familiar with, even devoted to, products and platforms, and you’ll get their Dropbox when you pry it from their cold, dead hands. Because they’re knowledgeable technology users, circumventing security protocols to use consumer products in enterprise environments is rarely a problem. Convenience (or in Clinton’s case, trust), means that the familiar often trumps the secure.

Records retention, legal compliance and business security can all suffer when employees rely on shadow IT. Even when employees attempt encryption, et cetera, the stakes are high--particularly in the public sector. Unfortunately, email is far from the only offender.

Image via Shutterstock

Government enterprises are vulnerable to everything from LinkedIn to Twitter, apps that (may) have legitimate social media marketing and recruitment uses, but that also open the door to attackers. Blocking isn’t the answer: any employee worth their salary knows how to open a Dropbox account using their Gmail address. (A survey by Skyhigh Networks revealed that while IT managers believe they’re blocking 80 percent of Dropbox use, the actual rate is 16 percent.)

Although consumer applications are attempting to increase security, CIOs/CSOs should still seek to bring shadow IT apps into the open and mitigate risks with solutions that are agile and flexible; meeting the needs of the business and its employees.

Here are three ways to mitigate Shadow IT:

  1. Build better safeguards into the tools that workers already use. The past decade has taught us all that employees are not going to adapt to cumbersome and difficult security protocols. This puts the burden on security to become more seamless in the enterprise and in the lives of the employees. Organizations win when they keep the user experience native—establishing stringent security protocols and features within apps that users already employ. Employees continue to go about their business while IT finally retains the levels of security and control the company requires.  

  1. Practice ‘no device left behind.’ Putting the best protection on your infrastructure will amount to naught if your junior accountant loses his unprotected iPhone at a bar, exposing company financials in the process. This cues back to protecting the tools that workers already use. Make sure that a) your security protocols include the main consumer tools and b) that your employees are using those tools on their mobile devices. You can’t stop employees from losing devices, but you can make sure any of the company data on those devices is safe.

  1. Manage permissions. It may seem obvious that IT would want to oversee and adjust permissions for each worker who deals with company data. But not all enterprise products give you full control of permissions; in the age of the mobile worker, this should be a top priority. If we span back to the abandoned iPhone at the bar, an IT admin can simply turn off that worker’s data access, doubly ensuring that nobody can get in.

Can someone please send an email about all that to Mrs. Clinton?

About the Author: Asaf Cidon is the Co-Founder & CEO of Sookasa, a secure platform for sharing data in the cloud.

Edited by Dominick Sorrentino
Related Articles

6 Challenges of 5G, and the 9 Pillars of Assurance Strategy

By: Special Guest    9/17/2018

To make 5G possible, everything will change. The 5G network will involve new antennas and chipsets, new architectures, new KPIs, new vendors, cloud di…

Read More

Putting the Flow into Workflow, Paessler and Briefery Help Businesses Operate Better

By: Cynthia S. Artin    9/14/2018

The digital transformation of business is generating a lot of value, through more automation, more intelligence, and ultimately more efficiency.

Read More

From Mainframe to Open Frameworks, Linux Foundation Fuels Up with Rocket Software

By: Special Guest    9/6/2018

Last week, at the Open Source Summit, hosted by The Linux Foundation, the Open Mainframe Project gave birth to Zowe, introduced a new open source soft…

Read More

Unified Office Takes a Trip to the Dentist Office

By: Cynthia S. Artin    9/6/2018

Not many of us love going to see the dentist, and one company working across unified voice, productivity and even IoT systems is out to make the exper…

Read More

AIOps Outfit Moogsoft Launches Observe

By: Paula Bernier    8/30/2018

Moogsoft Observe advances the capabilities of AIOps to help IT teams better manage their services and applications in the face of a massive proliferat…

Read More