mcafee.com/activate: When I heard the term “Shadow IT”, the first thing that came to my mind was the League of Shadows of Ra’s al Ghul. What is Shadow IT? It is a term used to describe systems and information technology solutions built and used within organizations without explicit approval of the organization.
Shadow IT is relevant to IT professionals, as well as to everyone else. Today, IT professionals will talk about us.
In our workplace, our roles have grown from the description of conventional work. Now we must use multiple hats. We usually use many different tools and software that help us with the tasks we need to accomplish. Sometimes, the tools and software we use may be compromised or the websites from which we download may package malware with the software.
There is a great impact of Shadow IT. A recent EMC study suggests that data loss and downtime cost a total of $ 1.7 billion each year. Many companies would be paralyzed if confidential data were leaked. Data loss and downtime can occur if we download software or run a tool that can include a cryptolocker and start encrypting files on the file server.
Organizations have guidelines on how the new software is presented to the environment. There is a process in place where adequate tests are performed in a sandbox environment before it is introduced into production. When we omit these procedures, we run the risk of possible threats and attacks on the environment. This increases the risk of data loss and compromise.
We need to accept Shadow IT. We need to educate ourselves more as IT members of any organization. We need to train the members of our team and keep in mind that we all have elevated privileges.
Software standardization should be implemented. We should all be in the same updated versions. Best practices should be in place when new servers or applications are introduced into the network. Passwords should never be configured as default, annotated or stored in an unencrypted file. We should never use our personal accounts to run any service and service accounts should not be allowed to log in interactively.
Change management processes should also be implemented. There should be a structured structure to track changes. With proper change management, we can have controls and balances to avoid problems that may arise. Proper documentation and cross-training with controls and balances in place can minimize Shadow IT in the workplace. There will always be a threat. Either from the IT department or other employees.
We, as professionals in the field of IT, have a duty to be responsible and ethical.
This article was written by Christopher Frank of Forbes and obtained a legal license through the network of editors NewsCred.