Intelligent CISO Issue 52 - Page 74

Shadow IT means any unmanaged IT systems used by employees beyond the radar of IT and security teams . debt . The consequences are an increased cyberattack surface and significant additional costs .

CONTAINING AND SECURING SHADOW IT AND TECHNICAL DEBT

Joseph Carson , Chief Security Scientist , Delinea , outlines some typical examples of shadow IT that organisations should watch out for to maintain their own security .
o curb shadow IT

T effectively , you have to be aware of the environment in which it arises and why employees choose to use unmanaged apps and services .

With the rise in remote and hybrid work , the number of devices , apps and accounts that organisations must monitor has skyrocketed . With a massive increase in so-called shadow IT , comprehensive visibility has often been completely lost .
With staff driven to solve unexpected challenges at short notice , IT departments have also been accumulating technical

Shadow IT means any unmanaged IT systems used by employees beyond the radar of IT and security teams . debt . The consequences are an increased cyberattack surface and significant additional costs .

Despite the seemingly inevitable nature of these trends , they can be reversed and brought under control with the consistent implementation of transparency , automation and integration .
Shadow IT means any unmanaged IT systems used by employees beyond the radar of IT and security teams . These include cloud accounts , messaging apps and hardware such as laptops or smartphones used without the knowledge of those responsible for IT .
To curb shadow IT effectively , you have to be aware of the environment in which it arises and why employees choose to use unmanaged apps and services . Here are some typical examples of shadow IT that organisations should watch out for .
1 . Remote and hybrid work
To be fully productive in remote and hybrid work environments , employees need a variety of collaboration tools , typically hosted in the cloud , that are not found in their protected office environments .
With most staff working from home at the start of the pandemic , in some cases completely unprepared , many employees resorted to new and unapproved tools . As a result of these uncontrolled and sometimes insecure services , organisations were exposed to a massively increased attack surface .
Remote workers often have administrative access to local workstations and applications . If a cyberattacker manages to gain access to a device with local administrator rights , they can use this to steal passwords , install malware or exfiltrate data . They may even be able to elevate
Joseph Carson , Chief Security Scientist , Delinea
74 www . intelligentciso . com