Imagine your boss reads about Shadow IT before you have a chance to take control of the situation. It's not ALL bad news. You can refer her to this article, which talks about the upside of Shadow IT in your organization. The big plus is that "Employees are more productive when allowed to use preferred technologies."
https://www.entrustdatacard.com/pages/shadow-it
It is still necessary to take control, because the video still claims that Shadow IT will be responsible for 1 in 3 data breaches, amounting to billions of dollars of losses for companies. Good luck!
The identification of Shadow IT is not new. Some writers believe it can constitute 30 to 40 percent of an organization's total IT spend. https://www.quickbase.com/blog/5-shadow-it-statistics-to-make-you-reconsider-your-life points out that unmanaged use of IT leaves the entire organization vulnerable to attack from external groups, as well as to random leakage of internal corporate data to the outside world. This is particularly likely with the proliferation of cloud services purchased by employees and paid for with a manager's credit card. Boom! Who's doing the security audit on that? Probably nobody.
Suggestion: have Accounting or Purchasing produce a list of credit card or purchase orders paying Amazon, Google Cloud, Microsoft, Apple, Dropbox, Box, MEGA, or any other provider selling cloud-based services, and verify that the use of each such service is actually approved by the IT and security teams. That is one piece of low-hanging fruit that should be grabbed right now. The only reason you might delay this discovery is that you don't want to know how bad things are. Good luck!

Djilpmh Pi gave a talk on topics related to Shadow IT at the November meeting of ISSA New England. It was great to see and meet five students who made the trip from Champlain College to attend this meeting. And thanks to this ISSA Chapter for welcoming me to talk about this topic, which otherwise remains in the shadows.
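One way to work through that expense-ledger check is to script the reconciliation: flag card descriptors that look like cloud vendors and report only those not on the IT-approved list. This is an added example, not the author's tooling; the ledger rows, descriptor patterns and approved-vendor list are constructed assumptions.

```python
"""Reconcile a card/purchase-order export against known cloud vendors and the
IT-approved vendor list to surface candidate Shadow IT spend.
Constructed sample data; vendor patterns and the approved list are assumptions."""
import csv
import io
from collections import defaultdict
from decimal import Decimal

# Substrings of card descriptors that indicate a cloud/SaaS purchase.
# Assumption: extend with the descriptors seen on your own statements.
CLOUD_VENDOR_PATTERNS = {
    "amazon web": "Amazon Web Services", "aws": "Amazon Web Services",
    "google": "Google Cloud", "msft": "Microsoft", "microsoft": "Microsoft",
    "apple": "Apple", "dropbox": "Dropbox", "box.com": "Box", "mega.nz": "MEGA",
}

# Constructed ledger export (not real data): cardholder, descriptor, amount, dept.
LEDGER_CSV = """cardholder,merchant,amount,department
j.doe,AWS EMEA aws.amazon.co,412.50,Marketing
a.smith,DROPBOX*PLUS,11.99,Sales
a.smith,DROPBOX*PLUS,11.99,Sales
r.lee,MSFT*AZURE,2300.00,Engineering
k.wu,Staples Office Supply,89.10,Finance
m.ito,GOOGLE *CLOUD,57.20,Research
"""

# Assumption: the IT/security teams maintain this list of sanctioned providers.
APPROVED_VENDORS = {"Microsoft"}


def classify_merchant(descriptor):
    """Map a raw card descriptor to a canonical cloud vendor, or None (crude
    substring match: it flags candidates for review, it does not prove anything)."""
    d = descriptor.lower()
    for needle, vendor in CLOUD_VENDOR_PATTERNS.items():
        if needle in d:
            return vendor
    return None


def find_shadow_it(ledger_csv, approved):
    """Return {vendor: {"total": Decimal, "buyers": set}} for every cloud
    vendor paid for in the ledger that is not on the approved list."""
    findings = defaultdict(lambda: {"total": Decimal("0.00"), "buyers": set()})
    for row in csv.DictReader(io.StringIO(ledger_csv)):
        vendor = classify_merchant(row["merchant"])
        if vendor is None or vendor in approved:
            continue  # not cloud spend, or already sanctioned by IT
        findings[vendor]["total"] += Decimal(row["amount"])
        findings[vendor]["buyers"].add(row["cardholder"])
    return dict(findings)
```

Each vendor the script returns is a purchase IT never signed off on; the cardholder set tells you who to go and talk to.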
We put a lot of trust and confidence in the core products that support our businesses. But what if a clever attacker were able to compromise a system admin's workstation and gain superuser privileges on internal systems such as email, messaging, and collaboration platforms (in the Windows world, say, Outlook, Skype, and SharePoint)? The attacker is now embedded deep in the system with alternate admin accounts, and is reading everything you're doing.
How do you recover, or even plan how to remove the infiltrated attacker, when they can see every email and message? If you have a disaster recovery plan for that ugly scenario (do you believe it won't happen?), it may well be to communicate (hopefully securely) over channels that are not visible to the internal IT system. Online systems such as https://riseup.net/ are undesirable in normal situations because their communications are not directly visible to the corporate IT and security teams. But if those core IT systems have been compromised, a "Plan B" for at least a subteam or the leadership team should use tools that are not transparent to the attackers who now own your internal IT and security.

In the place where you select how much you want to pay for this book, there is a slider for the price, what the author gets paid, and what the "cause" gets. The "cause" I have selected is the EFF, the Electronic Frontier Foundation. https://eff.org If you are not already familiar with this organization, they strongly support user rights and privacy, and deserve a lot more than I've allocated. But everything starts somewhere, right?
You may have noticed that the cover image is a shot of a stand of trees. It's actually on the walk up Horn Pond Mountain (OK, more of a hillock). There are several attempts at a "bad pun" here:
1) I want you to see the forest AND the trees: the big picture and some of the details.
2) It is also inspired by a recent book I read, The Dark Forest by Cixin Liu, the second book in a trilogy that starts with The Three-Body Problem. Science fiction, and all three are tomes, but fascinating reading. The Dark Forest concept is that while humans stomp through a forest, we rarely see anything in it, and it's easy to think we're in the forest by ourselves. But if you are quiet and watch a bit, you will easily see that the forest is teeming with life: both predators and prey. Humans are uniquely stupid in assuming nobody else is out there, as exemplified by the fact that we have no qualms about broadcasting radio and other signals into space willy-nilly. One way to look at this is: we are telling the universe "Hey, there's lunch here, come visit and take it, enslave a planet ..."
The other lesson is something we can tell our kids (and friends, even if they are not kids): the internet is a dark forest, teeming with predators, and if you're not careful about spewing your personal information everywhere, you will become the prey. Seriously. It's something to start thinking about: taking on a mindset that changes how you behave when interacting with social media and everything else on the internet. It's time.

There is always room for improvement, but delay has its price too. The Leanpub platform provides updates to the books for free, so as new topics are added and corrections made, people who purchase the book will have access to updated information. Meanwhile this blog will be a means to receive feedback. I hope you find it useful.
Parts 1, 4, and 10 are available in the free sample.
Author: Djilpmh Pi has been tracking the spread of Shadow IT for some time. This collection lists some of the most egregious examples.
Archives: January 2020