Intelligent CISO Issue 52 - Page 76

However , they often save at the wrong end . Technical debt can become a very costly proposition , which is especially critical for companies with tight budgets and limited resources . The short-term , seemingly small expenses often result in high costs for renewal , maintenance , training and upgrades .
In addition , the tools are usually inconsistent and can only be integrated to a limited extent . User-dependent systems also become a problem , since other colleagues or superiors are often unaware of their existence . After the responsible employee leaves , the systems are often forgotten and increase the ‘ digital shadow ’. that they will take matters into their own hands and deploy their own solutions .
If shadow IT is to be contained in the long term , IT and security teams must be able to balance requirements for security and data protection with needs for productivity . This works best with the introduction and consistent enforcement of guidelines and control solutions .
Most importantly , solutions should operate automatically and in the background , not only to ensure security but also to avoid friction losses in work processes .
For an initial ‘ clean up ’, it is advisable to use a tool that reliably detects all malicious , unsafe and unknown applications and programs in the organisation ’ s network and makes it possible to delete or check them . A tool that identifies any passwords stored in the browsers of all Active Directory users is also mandatory .
In addition , policy-based application control should be deployed , making it possible to automatically check applications that users want to download against lists of trusted applications or the latest threat data on suspicious applications . It should be ensured that each unknown , untrustworthy application is first automatically pushed into a sandbox for further examination before it is used .
Why technical debt also creates shadow IT
What ’ s often overlooked in the shadow IT discussion is that it affects not only business users and developers working outside of IT security , but also IT teams . This is especially true when the different teams do not work together in a coordinated manner .
This lack of co-ordination often leads to technical debt . This is the extra effort that comes when teams focus on short-term , simpler solutions rather than investing time , effort and capital in a long-term approach .
It is not uncommon for IT departments to make last-minute decisions about solutions , rely on single-purpose tools or purchase multiple , siloed products to quickly resolve problems as they arise and keep the business running .
Effectively reducing technical debt requires IT departments to think strategically and make decisions that align with an organisation ’ s long-term focus . It is important to future-proof cybersecurity , moving away from point solutions and instead embracing featurerich technologies that can grow with the business and add value over time .
Visibility , automation and integration play essential roles in curbing shadow IT and technical debt . Organisations that take a consistent , long-term approach to these challenges will not only minimise their attack surface but also improve user experience and productivity . u
About the author
Joseph Carson is the Chief Security Scientist and Advisory CISO for Delinea , a leading provider of privileged access management ( PAM ) solutions for seamless security . Carson has over 25 years ’ experience in enterprise security , is the author of Privileged Access Management for Dummies and Cybersecurity for Dummies and is a cybersecurity professional and ethical hacker . He is a cybersecurity advisor to several governments and the critical infrastructure , financial and transportation industries .
76 www . intelligentciso . com