Fighting Shadow IT with DLP
In its 2016 top 10 security predictions, Gartner warned that by 2020 shadow IT is likely to account for a third of successful attacks experienced by enterprises. A relatively new concept that has arisen in recent years as a consequence of mounting pressure on IT departments to deliver as well as outdated company policies, shadow IT has become an uneasy element most companies either knowingly tolerate or are unaware of.
What is Shadow IT?
Shadow IT refers to applications and digital solutions not expressly sanctioned by management, but widely used in certain departments or the entire company to minimize workloads, often for the sake of convenience or as communication and collaboration tools. Slack, Evernote, Google Docs, for example, can be in many cases considered shadow IT.
There are multiple factors that have led to the rise of shadow IT. One has been the introduction of BYOD and the appearance of IoT devices that connect to company networks and rarely have policies that control their use. Employees can access company data and accounts from them without the security restrictions applied to company devices.
Another is the rise of cloud-based services that offer bigger scaling possibilities and make it easy for business users to bypass cumbersome IT procurement procedures and use technology services instantly. Common offenders of this class include SaaS, cloud file sharing, AWS cloud and Rackspace.
A third factor that leads to shadow IT comes from within IT departments themselves. Overworked and understaffed, many IT professionals resort to building programs that will lighten their workload and enable them to complete their tasks faster. This type of software is rarely brought to the attention of management and often forgoes essential security policies. IT professionals understand the risks of implementing such rudimentary solutions, but at the same time feel confident that they can handle these risks better than non-technical personnel.
How shadow IT leads to data loss
What shadow IT essentially means to data security is a host of unmonitored IT services that oftentimes circumvent company policies, without consideration for information security standards and regulatory legislation, making sensitive data vulnerable to leakage and theft and companies liable to fines for noncompliance with data regulations.
The possibilities for data loss resulting from it are therefore endless: from use of non-secure cloud services and sensitive data being easily transmitted to persons outside the company to easily hackable personal devices that contain confidential information, all data loss scenarios can be applied to shadow IT.
How DLP can help fight shadow IT
While you cannot always control the sort of applications and services your employees use in the work place, you can use Data Loss Prevention solutions to ensure the security of sensitive information. This type of solutions can be deployed on a company’s entire network and clear regulations for sensitive data can be enforced through them.
What this essentially means is that employees can be blocked from transferring certain types of files that contain information deemed to be sensitive, based on specific file types, predefined content, file name, Regular Expressions or compliance profiles for regulations such as HIPAA, PCI-DSS, GDPR, and others.
DLP software such as Endpoint Protector even offers data at rest scanning options, ensuring you can at any time scan employees’ computers for sensitive data and delete or encrypt it when found. It can also block the use of USB drives and other portable devices that fall in the shadow IT category or encrypt sensitive data when it is transferred to them.
Through DLP solutions you can address some of the vulnerabilities of shadow IT by securing your data so that no matter what services and applications your employees choose to use with or without your consent, you can rest easy.