Intelligent CIO North America Issue 25 - Page 76

t cht lk

t cht lk

To curb shadow IT effectively , you have to be aware of the environment in which it arises and why employees choose to use unmanaged apps and services .
1 . Remote and hybrid work by organizations , which is often the reality , a large security gap arises .
Browsers often prompt users to store sensitive login credentials , passwords or credit card information , and hackers know how to exploit this vulnerability . They see unmanaged browsers as an ideal opportunity to steal critical information and access enterprise systems and databases or make fraudulent payments .
3 . Productivity apps
To be fully productive in remote and hybrid work environments , employees need a variety of collaboration tools , typically hosted in the cloud , that are not found in their protected office environments .
With most staff working from home at the start of the pandemic , in some cases completely unprepared , many employees resorted to new and unapproved tools . As a result of these uncontrolled and sometimes insecure services , organizations were exposed to a massively increased attack surface .
Remote workers often have administrative access to local workstations and applications . If a cyberattacker manages to gain access to a device with local administrator rights , they can use this to steal passwords , install malware or exfiltrate data . They may even be able to elevate privileges to gain access to the entire corporate IT environment .
2 . Unmanaged Browsers
Most work is now performed using Internet browsers , and many users have two or more of them running on their machines . If these browsers are not managed
Third-party productivity apps that enable users to complete tasks effectively and quickly are becoming increasingly popular . Whether downloaded to a device or browser-based , the organization faces new risks if they are downloaded and installed without verification by the IT department .
Users are often unaware that even popular apps often lack the necessary security controls or are not updated as frequently as the company ' s security policy requires . Not infrequently , sensitive data is stored in all sorts of repositories , and critical business information is potentially exposed . At the same time , the software may have conflicting security models that don ' t align with corporate policies for access control or data usage .
4 . Fast production cycles
With the increasing pressure to work quickly and efficiently , developers and DevOps teams are increasingly forced to sacrifice security for speed .
This favors shadow IT . For example , developers quickly set up instances in the cloud and just as quickly take
76 INTELLIGENTCIO NORTH AMERICA www . intelligentcio . com