Dealing with shadow IT | #ebizradio | #Technology | Lutz Blaeser

BizTechno-on-BizRadio-600x250.jpg

It’s common knowledge that the war against cyber crime is not being won, and that the security industry is playing a catch-up game at best. In fact, it is many security professionals’ assertion that we cannot keep threats out of our networks, and thus we need to focus on containment and mitigation only.

cyber-crime

Lutz Blaeser, MD of Intact Security, believes relinquishing importance on prevention is a bad idea, and equates to surrendering the cyber war. “In the info security world, however, we are definitely seeing a move towards network security, governance and vulnerability management.”

He says some success is being seen in terms of protecting networks and data, but improvements are needed. “Even as we work towards better security, and more advanced tools, hackers are coming up with more sophisticated and cunning weapons with which to bypass them.”

Moreover, he says in conjunction with the growing threat from outside entities, we are dealing with an increased threat from within, that of shadow IT. Shadow IT is a term used to describe tech systems and solutions that were created and applied within organisations, without their approval.

“It usually starts when a department within the business feels hampered by what they see as the technical department’s failure to provide them with what they think they need, and they go off and create their own solution, without technical knowledge. IT will only become aware of this once a technical issue occurs, or when integration with other application within the enterprise is needed. As you can imagine, this causes many headaches for the technical team.”

According to Blaeser, the buck ultimately stops with the IT department, whether this is fair or not. However, in the event of a security incident, IT will have to deal with the CEO, regardless of who may be at fault. “The challenge, of course, is how to find and secure all these shadow IT applications within the enterprise.”

Lutz Blaeser, MD of Intact Security

Lutz Blaeser, MD of Intact Security

Understandably, few technical departments have the resources to handle the multiple requests that all these applications and users would generate, but a plan needs to be made, as the fallout should a breach occur due to shadow IT could be catastrophic, he states. While there is no silver bullet to fight the shadow IT problem, there are several measures IT can take to minimise the problem and identify any problems before they become a major threat.

Firstly, he advises to monitor outbound traffic, as this is the best way to ensure you know what is going on inside your company. “Firewalls focus on incoming traffic, but can be configured to keep logs on outgoing traffic too, and once you know where the traffic is going, you are better placed to pinpoint any applications you were unaware existed. Moreover, once you are better aware of outgoing traffic, you are better able to control it.”

In addition, he says user education is vital. “Most employees have a vague idea of the risks, but are quite happy to ignore them. Others are completely ignorant, and have no understanding of the situation. Educate your staff on security in general, and make shadow IT a part of that discussion. Do not leave executives out of this training and education. Once C-level executives are aware of the dangers of shadow IT and the potential fallout it could cause, they are far more likely to come on board and help control the problem.”

Behind the screen….. Intact Software Distribution is a dedicated software distributor focusing on providing a full range of security software solutions, coupled with the service performance and know-how of an experienced and specialised solution provider.

http://intactsoftwaredistribution.co.za/

intact-security-logo

About eBizRadio

eBizRadio is a live multi- platformed social media service providing an online forum to the business community for holding conversations on the key issues related to specific businesses as well as availing a space for cross-business collaboration in response to key issues affecting the world of business. The place to go if you want to know about business and lifestyle
Don't be shellfish...Share on Reddit
Reddit
0Tweet about this on Twitter
Twitter
Share on Facebook
Facebook
0Email this to someone
email
Share on LinkedIn
Linkedin
eBizRadio

eBizRadio

eBizRadio is a live multi- platformed social media service providing an online forum to the business community for holding conversations on the key issues related to specific businesses as well as availing a space for cross-business collaboration in response to key issues affecting the world of business. The place to go if you want to know about business and lifestyle

scroll to top

Login

Please enter the correct answer: *


Register | Lost your password?