Shadow IT is a huge and growing problem. Organizations must find the right balance of policy, processes and supporting technologies in order to regain visibility into the endpoint and the cloud where data is living in the ‘Shadow,’ all without becoming overtly restrictive and re-enforcing the negative-yet-well-meaning behavior that led to the growth of Shadow IT in the first place!
IT Business Edge polled a series of security leads on their perspectives on the risky behaviors that lead to Shadow IT. As Phil Richards, CSO of LANDESK, notes: “the existence and growth of shadow IT is usually a sign that the central IT organization is not meeting the needs of the business,” with business units and individuals making their own purchase decisions without the involvement of IT in order to become more productive, leading to the presence of data assets outside the control of IT.
Whether it’s downloading popular apps, using cloud storage applications or personal accounts, there are a myriad of risks identified by this report. Shadow IT remains a major risk because IT lacks visibility and control; if you don’t know where data is, you cannot protect it… indeed, you may not even know it has been breached. Shadow IT exacerbates many data security issues, from insider threats, malware, phishing, credential compromise and cyber attacks. As the 2016 Shadow Data Report demonstrates, organizations are using 841 cloud apps, almost all of which lack enterprise-grade security, with the Shadow use only exacerbating these shaky security foundations.
As Richard Henderson, Absolute’s own Global Security Strategist noted in the article, Shadow IT doesn’t just live in productivity apps and cloud storage, it also lives in social media:
“Popular applications like Twitter, Facebook and Skype are risky applications to add to a user’s device. These three applications alone are responsible for a significant amount of malware and information leakage, albeit almost unintentional.”
Shadow IT is a major crack in data security, one that needs immediate attention. As Richard has noted in another recent article, “attackers are not going to stop probing your infrastructure for cracks for even a moment,” so it’s time to regain control over the Shadow.
Absolute is helping confront the dangers of Shadow IT, detecting at-risk data stored on the endpoint or in cloud storage applications. Absolute Endpoint Data Discovery (EDD), which comes as part of Absolute DDS, scans for sensitive data, reducing your potential blindspots, with remote capabilities to wipe data and remediate security threats. To learn more, get started with your free evaluation version of Absolute DDS today.