How to combat the risks of shadow IT with secure messaging

Dr. Galina Datskovsky, CRM, FAI and serial entrepreneur, is an internationally recognized privacy, compliance, and security expert. Galina is currently the CEO of Vaporstream®, a position where she applies her knowledge and strategic guidance in building businesses, product development, governance policies, as well as cyber security. Prior to Vaporstream, Galina served as CEO of Covertix, North America; Senior Vice President of Information Governance at Autonomy/HP; and as General Manager of the Information Governance Business Unit and Senior Vice President of Architecture while at CA. She joined CA in 2006 with the acquisition of MDY Group International, where she was the founder and CEO. In addition, Galina currently sits on the advisory board of the Executive Women’s Forum and is part of the Voice Privacy Alliance. She is a champion of the entrepreneurial spirit, having served on the board of multiple startups, assisting with strategy, and she continues to support the startup community. Galina served as Chair, President, President Elect and Director of ARMA International (2007-2013) and has been widely published in academic journals, speaking frequently for industry organizations such as AIIM, ARMA, SINET, EWF, ILTA, IQPC and MER. Throughout Galina’s career she has been the recipient of numerous awards. Most notably she was designated a Distinguished Engineer while at CA (2006-10), was the recipient of the prestigious Emmet Leahy award (2013) and was named a Fellow of ARMA International (2014). Prior to founding MDY, Galina consulted for IBM and Bell Labs and taught at the Fordham University Graduate School of Business and the Graduate School of Arts and Sciences at Columbia University. She earned her doctoral, master’s and bachelor’s degrees in Computer Science from Columbia University.

With the increasingly frequent and damaging security breaches in the news today, the natural tendency for IT professionals is to run back to the data centre and patch, upgrade, test and make sure that all business data and, therefore, the corporate reputation, is safe. While corporations continue to lock down the enterprise and its users, they often forget one important factor – employees have their own powerful computing devices: their mobile phones.

Generally, employees will stop at nothing to make their jobs more convenient and efficient, despite the pesky obstacles put in front of them by the corporate cybersecurity team. It’s similar to comparing users to water and the IT security teams to a rock placed in its path. Water will always find a way to get around the rock and continue flowing forward.

One of the ways that the “flow” continues is via shadow IT, which is technology deployed in an organisation without the approval of the IT department. Over recent years, shadow IT has evolved from the threat of employees using unauthorised applications to employees using personal devices for work purposes. Shadow IT brings new security and compliance issues to an organisation, as the technology is not subject to the same security processes and procedures that are applied to approved solutions.

Since most employees essentially carry a computer in their pocket in the form of their cell phone, it is easy to download apps that enable them to do their jobs more easily, even though those apps may not be sanctioned and could throw the enterprise out of compliance.

Unapproved apps can also significantly increase an organisation’s risk of cyberattack, as Gartner predicts a third of successful attacks experienced by enterprises will be on their shadow IT resources by 2020. Further, according to eSecurity Planet, "enterprises face a far greater threat from the millions of generally available apps on their employees' devices than from mobile malware."

Shadow IT was born because it has become so easy to download an app or use a home laptop for both work and personal use as a way around what is perceived to be an obstacle to productivity.

This doesn’t mean that employees are trying to be malicious; they simply have more access to easy-to-use, easy-to-deploy technology at their fingertips. In addition, they may simply not know the risks created by the activity on their personal devices.

Maintaining efficiency and security

Organisations may be under the impression that they can prevent risky app downloads through corporate policies and mandates. However, the question remains – will employees actually follow these rules? For example, most enterprises, especially those with compliance requirements, will often completely disallow texting. Despite the policy, according to Seyfarth Shaw LLP, even if email is the sanctioned form of communication in the workplace, employees will text.

Organisations must have a clear and obvious way to enforce or monitor policy compliance, including how employees communicate over text. In many situations, employees download free apps like WhatsApp to communicate in confidence, which is often not sanctioned. The reality, unfortunately, is that “in confidence” is only partially true, since once a text is delivered, the recipient has the information stored on their device, can forward it to anyone, or post it on Facebook for the world to see. Once “send” is hit, control is lost. Organisations risk data breaches and compliance issues by allowing such unsecure applications to be utilised.

On the other hand, by deploying an approved, secure texting solution, the enterprise can embrace the need to discuss sensitive matters via text. Today’s modern secure messaging solutions ensure that communications are secure, confidential and compliant to meet enterprise requirements. With a secure messaging platform, users can still leverage the convenience and instantaneous nature of texting, while accommodating the enterprise’s needs.

CIOs must stay on top of the needs of the business and the users, and provide staff with easy-to-use sanctioned solutions that can minimise the need for shadow IT. Organisations must then also realise that:

  • Policies need to be enforceable and reasonable
  • Training must be given to the user community on a continuous basis
  • Employees should be encouraged to bring apps that can help business productivity to IT’s attention

The bottom line? In today’s mobile-driven environment, IT must be seen as business enablers, not the rock in its path.
