An excellent article about departmental or so-called Shadow IT today… formerly called “departmental”, along with direct hacking and third-party breaches it is one of the top three threats to corporate data.
Shadow IT is defined as “systems, software, or applications that individuals in an organization use on a regular basis without the knowledge of executive leadership or the IT department”. The article claims it “represents one of the biggest cybersecurity risks on the horizon” because central IT and security can’t “protect gaps that it doesn’t know exist”.
The author notes cloud file storage is particularly problematic, because after all – that’s where most of the most sensitive data a user can upload into cloud storages in a single action.
To remediate the risk of that going wrong, the key is to apply governance: “establishment of internal policies and procedures designed to educate employees about the dangers of shadow IT usage, and potentially establish penalties should they do so. This could cover areas from the use of third-party cloud storage services and USB devices to establishing procedures for handling company data on their mobile devices”
The article goes on to note that training is essential. In our view, it’s more important to take centralized controls. Platforms like e-Share can be used to provide users with a single view of cloud storage, and surface activity and risk across the organization to administrators. Policies can be centralized, regardless of how they’re invoked – from the web, email or enterprise collaboration apps of all kinds. As can mandatory use of encryption and sophisticated key management, or restriction to corporate only devices.
Learn more about how e-Share can provide the governance layer that protects your organization from Shadow IT and “app sprawl” here: https://www.e-share.us/compliance-and-governance