Intelligent CIO APAC Issue 28 - Page 77

t cht lk

t cht lk

4 . Fast production cycles
Joseph Carson , Chief Security Scientist , Delinea
With the increasing pressure to work quickly and efficiently , developers and DevOps teams are increasingly forced to sacrifice security for speed .
This favors shadow IT . For example , developers quickly set up instances in the cloud and just as quickly take them down again . The problem is that data goes live in the cloud environment without IT or security teams knowing about it .
Policies to help IT take back control
Unless IT can provide all employees with access to the secure tools and seamless workflows they need , there is a risk that they will take matters into their own hands and deploy their own solutions .
If shadow IT is to be contained in the long term , IT and security teams must be able to balance requirements for security and data protection with needs for productivity . This works best with the introduction and consistent enforcement of guidelines and control solutions .
Most importantly , solutions should operate automatically and in the background , not only to ensure security but also to avoid friction losses in work processes .
For an initial ‘ clean up ’, it is advisable to use a tool that reliably detects all malicious , unsafe and unknown applications and programs in the organization ’ s network and makes it possible to delete or check them . A tool that identifies any passwords stored in the browsers of all Active Directory users is also mandatory .
In addition , policy-based application control should be deployed , making it possible to automatically check applications that users want to download against lists of trusted applications or the latest threat data on suspicious applications . It should be ensured that each unknown , untrustworthy application is first automatically pushed into a sandbox for further examination before it is used .
Why technical debt also creates Shadow IT
What ’ s often overlooked in the shadow IT discussion is that it affects not only business users and developers working outside of IT security , but also IT teams . This is especially true when the different teams do not work together in a co-ordinated manner .
This lack of co-ordination often leads to technical debt . This is the extra effort that comes when teams focus on
short-term , simpler solutions rather than investing time , effort and capital in a long-term approach .
It is not uncommon for IT departments to make last-minute decisions about solutions , rely on singlepurpose tools or purchase multiple , siloed products to quickly resolve problems as they arise and keep the business running .
However , they often save at the wrong end . Technical debt can become a very costly proposition , which is especially critical for companies with tight budgets and limited resources . The short-term , seemingly small expenses often result in high costs for renewal , maintenance , training and upgrades .
In addition , the tools are usually inconsistent and can only be integrated to a limited extent . User-dependent systems also become a problem , since other colleagues or superiors are often unaware of their existence . After the responsible employee leaves , the systems are often forgotten and increase the ‘ digital shadow ’.
Effectively reducing technical debt requires IT departments to think strategically and make decisions that align with an organization ’ s long-term focus . It is important to future-proof cybersecurity , moving away from point solutions and instead embracing featurerich technologies that can grow with the business and add value over time .
Visibility , automation and integration play essential roles in curbing shadow IT and technical debt . Organizations that take a consistent , long-term approach to these challenges will not only minimize their attack surface but also improve user experience and productivity . p
www . intelligentcio . com INTELLIGENTCIO APAC 77