RANSOMWARE TRACKING MAPS

Recent problems experienced with Ransomware are evident from infections, which have occurred in 99 countries including China and Russia. The organization that was worst hit by the attack was the National Health Service in England. It was reported that there was a WannaCry programme that demanded...

What Is Shadow IT? And How Can We Manage It Efficiently?

What is shadow IT?

What Is Shadow IT?

Bring Your Own Cloud (BYOC) and Bring Your Own Device (BYOD) have changed the way that people work by putting users in control of their productivity. Employees can now obtain the capabilities they want, when they want and for as long as they want, without having to wait for IT to build it. And with tangible improvement in convenience and productivity there is no turning back now.

This is bad news for IT because this parallel IT environment, typically known as “Shadow IT,” is being created without consulting with and often without even informing IT. Suddenly, IT personnel are being asked to support technologies they have neither tested nor approved. And worse, in some cases, these technologies can violate compliance mandates and can introduce unknown vulnerabilities. So what should IT do? Should they ignore it and hope it goes away or should they put a stop to it and be viewed as an impediment to progress?

Neither is a good option! “Shadow IT” is not going away and given the distinct benefits of agility and productivity, stifling this movement is clearly not in anyone’s best interest. IT needs to embrace “Shadow IT” but ensure that the interests of the organization are not compromised. And the best way to manage “Shadow IT” it is by making your IT an integral part of the value chain.

The following are five tips for managing “Shadow IT” in the enterprise that allow businesses to take advantage of emerging technologies and IT to be able to understand and control what is added to the environment.

1: Identify ”Shadow IT”

The first step in overcoming “Shadow IT” is to identify it. Without insight into what tools users are purchasing and using at work, it’s impossible to know how to manage them. The second is controlling it. This may be accomplished through a combination of Whitelists, whereby unauthorized applications cannot be run on company issued IT assets, and notification tools that alert IT if someone does attempt to run an unauthorized app.

2: Accommodate the needs of the BU

In order to accommodate the needs of the Business Unit (BU), IT can create and share a list of approved software and applications beyond the standard issue software. This would serve as a cheat sheet for business units making their own purchase decisions. By following the list, the BU would be pre-authorized to make a purchase and IT is assured that the introduction does not cause security risks or compatibility issues. IT should also put a process in place that allows them to quickly approve/disapprove new applications actively sought by Business Units.

3: Communicate effectively

Actively communicate your Business Continuity/Disaster Recovery/Data Security and other policies so that BUs, choosing to rely on outside providers for their services, can negotiate SLAs that meet or exceed the internal availability and performance expectations. Create templates so that the BU decision makers are asking the right questions such as: “In the event of a failure of the SaaS app or hosted technology, is the data backed up? Can the data and business workflow be recovered somewhere else?

4: Implement strategy across entire organization

Creating policies in a vacuum makes it nearly impossible for sys-admins to properly manage the performance and resource issues of day-to-day operations, let alone “Shadow IT.” By implementing a strategy across the entire organization, you empower employees to come out of the shadows, and to report issues subsequent of “Shadow IT,” such as a network slowdown, and alert IT.

5: Reduce complexity

Deploy tools that enable you to monitor services running outside your physical environment, encourage your Business Unit IT professionals to use these tools. By unifying your solutions, you not only simplify the management of your infrastructure, you achieve greater insight into how your resources are being used to ultimately reduce mean time to resolve (MTTR) problems.

With some proactive readjusting, IT can enable users while mitigating and minimizing the risks that are often associated with third-party apps and services in the workplace. This ultimately will help to bring users out of the shadows of “Shadow IT.”

By Deepak Kanwar, Senior Manager, Zenoss

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as technology related infographics and comics.

SYNDICATED NEWS SOURCES

Exclusive: T-Mobile, Sprint close to agreeing deal terms – Sources

By CloudBuzz | September 22, 2017

(Reuters) – T-Mobile US Inc (TMUS.O) is close to agreeing tentative terms on a deal to merge with peer Sprint Corp (S.N), people familiar with the matter said, a major breakthrough in efforts to merge the third and fourth largest…

Hack of U.S. securities regulator rattles investors, stirs doubts

By CloudBuzz | September 21, 2017

WASHINGTON/NEW YORK (Reuters) – Wall Street’s top regulator faced questions on Thursday about its defenses against cyber criminals after admitting hackers breached its electronic database of corporate announcements and may have used it for insider trading. The incursion at the…

Leaking Cloud Databases and Servers Expose Over 1 Billion Records

By CloudBuzz | September 21, 2017

Servers Expose Over 1 Billion Records As The Wall Street Journal recently pointed out, some clients of cloud service providers such as Amazon and Microsoft are accidentally leaving their cloud databases exposed due to misconfigurations of their services. Coupled with recent headline-making…

Thales Joins the Microsoft Enterprise Cloud Alliance

By CloudBuzz | September 21, 2017

SAN JOSE, Calif., Sept. 21, 2017 /PRNewswire/ — Thales, a leader in critical information systems, cybersecurity and data security, is now a member of the Microsoft Enterprise Cloud Alliance (ECA). Designed to foster innovation and promote awareness of partner solutions, the ECA membership…

Addressing the UK NCSC’s Cloud Security Principles

By CloudBuzz | September 20, 2017

As your organization adopts more cloud services, it’s essential to get a clear picture of how sensitive data will be protected. Many authorities, from government regulators, to industry standards bodies and consortia, have provided guidance on how to evaluate cloud…

RiskVision Named 2017 Cybersecurity Breakthrough Awards Winner

By CloudBuzz | September 20, 2017

RiskVision Named 2017 Cybersecurity Breakthrough Awards Winner for Enterprise Risk Management (ERM) Software of the Year SUNNYVALE, CA–(Marketwired – Sep 20, 2017) – RiskVision, the enterprise risk intelligence company formerly known as Agiliance, today announced that the RiskVision platform has…