Technology is a double-edged sword for IT. On one hand, it makes life easier with instant access to information, eliminates traditionally manual tasks, and allows us to better protect and manage the IT environment. On the other hand, it’s given a new life to rogue employees who can sign up for accounts and conduct business completely outside of IT’s line of sight and certainly out of their control.
You can’t protect what you can’t see. That is the elusive problem known as shadow IT. The challenge is gaining visibility into this hidden world, knowing the applications that are in use, and protecting company data without impacting the employee’s productivity.
This problem is largely based on the use of employee-introduced, non-sanctioned cloud apps. Last October, Ovum released research finding that 78% of IT executives say they do not control all the cloud apps their employees use for work, and a quarter say they only control half of the cloud apps being used through the organization.
With no oversight of these apps, there is little protection against the exposure of sensitive corporate data, with an unknown quantity of touch points and security behaviors outside the control of the IT team. Companies must put the right policies and technology in place to address password problems, without becoming the enemy of the employees.
Almost 68% of those surveyed by Ovum acknowledged that these open doors open the company to significant risk, whether that’s a phishing attack, ransomware, or social engineering attack. However, the challenge is how to address these risks without taking up even more time of the IT team’s already full plate.
How IT Can Take Back Control
While it can appear overwhelming to tackle the problem of shadow IT within your business, it doesn’t have to be. To help you approach this problem, we’ve provided three critical steps to get you started on taking back control of the apps and security of your organization:
- Audit your employees’ cloud apps – As we said before, you can’t protect what you can’t see, and the first step to seeing all the apps in use is to ask. Do an audit of all the apps and tools that employees are using through a survey. Even if you don’t capture everything, you’ll learn about many of the tools in use and raise awareness with employees that IT needs to be in the loop as they bring in new apps. Once you have a clearer picture of your business’ app ecosystem, start to consider Single Sign-On and password management tools to give you management over those apps that give you visibility into usage and allow you to enforce policies that keep those accounts more secure.
- Setup automated software updates – Don’t get caught with outdated software, which was the catalyst for the Equifax breach back in September 2017. This is an easy fix. Leverage endpoint management technology like LogMeIn Central, which enables you to pair the ability to push patch updates, with the ability to automate the process and setup alerts so a service is never outdated for long.
- Require multi-factor authentication (MFA) – If you haven’t already, introduce your employees to multi-factor authentication. Start with your user directory, whether it’s Active Directory, Azure or G-Suite, and require employees to add this second layer of protection to the account. Once employees are comfortable with MFA on their email, they’ll be more comfortable adding it to other apps as well.