Joel Dolisy, SVP and CTO/CIO of SolarWinds gives an overview of Shadow IT, and how it can make a difference within government IT departments…
Everyone wants the shiniest new mobile or tablet on the market, so it’s no surprise that employees are continuing to bring personal devices into the workplace. Although these devices may arguably increase productivity and connectivity, this influx of technology into people’s lives makes them think they know best, even when unauthorised devices or software can create major challenges and wreak havoc for the IT team.
‘Shadow IT’ is the term referring to the IT systems, solutions and services used by employees in an organisation without the approval or knowledge of the IT department. According to a SolarWinds survey, Shadow IT was ranked second among the areas that IT departments have least control over, and this threat will continue to grow as 58% of survey respondents expect an increase in its use over the next 2 years.
With the popularity of mobile technology and devices so pervasive that everybody believes they need to be able to use them anytime and anywhere, the IT department is often kept in the dark about these technologies, losing control of the cyber environment is expected.
Understanding the tech know-it-all
As employees seem willing to compromise their security by using their own devices, government IT professionals need to identify the reasons behind the use of other devices to allow IT to address them and keep the network safe and secure.
With the need to feel empowered to have access to the latest gadgets, to be connected at all times and feel ahead of the tech-curve, employees often believe that they know better than their IT counterparts on what they need to do their job. Furthermore, security has always taken a backseat to convenience, as employees enjoy being able to use their own devices without considering the potential cyber security risks.
By gaining a better understanding of the end user, government IT pros can better identify the triggers to unsecure mobile device use and develop safe practices while ensuring their employees’ technological needs are being met.
In order to better secure government IT environments, a focus on an active management of endpoint security is required. Rather than burying their heads in the sand, IT professionals need to use network management software to identify unauthorised apps before they start causing problems.
An overview of what devices are connected to the network, what they are accessing and to whom they belong is crucially important. While micromanaging everybody on the network is not necessary or realistic, proactive IT monitoring can enable employees to continue to explore new mobile technologies while still maintaining security.
Awareness and network management
In addition to proactive monitoring, IT pros can tackle shadow IT by educating employees about potential dangers to the business, as well as vigilantly managing and monitoring access to the network.
Awareness campaigns are excellent tools to educate employees about their mobile technologies and potential threats to cyber security. The IT department should encourage best practice in terms of making it necessary for devices to be regularly patched to use the latest versions of protocols. This will help IT professionals to ensure that systems aren’t vulnerable to unauthorised and insecure devices.
Network management ensures protocols are up to date. Government IT pros must be aware of the importance of having strong policies in place for controlling access to their networks. These policies help IT professionals track who uses the network, how they access the network and what devices they use. In fact, research showed that organisations who use management and monitoring software are significantly more confident than those who do not, in terms of their ability to protect against the negative consequences of shadow IT.
Sharing best practice
Each level of government has its own perspective on cybersecurity and threats. However, the ability to safeguard networks and infrastructure exponentially increases when different levels combine resources, improving the overall response efforts with more manpower and better technology.
By keeping tabs on business cycles, strong partners can be identified to make for better problem solving. Organisations can keep up-to-date on cyber risks and mobile technology by learning best practices from third party organisations and identifying common vulnerabilities.
Shed light in the shadows
Government IT pros must actively manage and monitor behaviours and best practices in order to move towards access of newer technology and devices which, in the end, will make the employees happy. The best way to tackle Shadow IT is to shed some light onto the issue by embracing new technology within a secure and satisfied organisation.
SVP and CTO/CIO