http://www.computerworld.com/article/2975024/data-security/the-security-and-risk-management-of-shadow-it.html
By Robert C. Covington
Computerworld
Aug 24, 2015
Most would agree that we in the information security industry are fighting
an uphill battle. Many have even taken the extreme position that we cannot
keep intruders out of our networks, so we should give up and focus on
containment, an argument I strongly objected to in an earlier post, "Are
we surrendering the cyberwar?" Regardless of your position on how best to
control the threat, I think you will agree that it is a difficult problem
to address.
In the world of corporate IT, I have seen a definite shift toward better
focus on network security, vulnerability management and governance. We are
having success in locking networks and data down, even as more improvement
is needed. Even as we succeed in deploying better security controls for
the assets we know about, we are facing a growing threat from within — the
challenge of shadow IT.
According to Techopedia, the term "shadow IT" "is used to describe IT
solutions and systems created and applied inside companies and
organizations without their authorization." The phenomenon usually begins
with an enterprise department or team getting frustrated with the IT
department's perceived inability to deliver what they think they need,
when they think they need it. As a result, they go off and do their own
thing, usually without the knowledge of IT. The problem usually continues
with IT unaware, until technical problems develop, or until integration
with other corporate applications is needed. When IT is brought into the
loop by users now needing help, it is not usually viewed as a pleasant
surprise by the CIO or IT director.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
