You are losing company data without knowing it – Shadow IT

by | Mar 24, 2016 | Security | 0 comments

Losing company data is a potential nightmare. It can sneak up on you, without you realizing it, often through “shadow IT” – software that’s in use within your company that innocently makes its way into your systems and processes without taking security needs into consideration.

Do you know where your data is? Or how it’s leaking from your company?

Do you have a complete view of all the places your data exists, or which software products have access to it?

Shadow IT – one of the gateways to losing company data

Shadow IT—IT solutions and systems used within an organization without its authorization–is prevalent and rising. How does it impact you?

Conventional wisdom is that CIOs direct the IT process, which in turn drives employee capabilities within the organization. Today’s reality is that “90% of CIOs worldwide find themselves bypassed by line-of-business in IT purchasing decisions sometimes and 31% routinely” (Logicalis CIO Survey, 2015).

Here are a few eye-opening statistics regarding the business risk surrounding Shadow IT:

  • 63% of respondents send work documents to their personal email address so they can access them from home
  • 35% of employees work around their organization’s established security policies and procedures to get their job done (Source – RSA: The Untold Insider Threat)

But the largest data threat might not be what you think:

  • 81% of organizational data is lost, disclosed, or stolen vs. 7% that is hacked.

Today’s cloud providers and app stores are filled with tantalizing options for productivity enhancements and the latest wiz-bang features…but who’s minding (or mining) the storage of your business data?

cloud-storageFor example, the use of any of the popular storage providers (Box, Dropbox, Google Drive and OneDrive) increases the likelihood of ‘unofficial’ and uncontrolled data flows, making it more difficult to comply with the Sarbanes-Oxley Act (USA) and other compliance-centric initiatives.

Organizations need to re-train their traditional security mindset to approach solutions differently.  The following 3 areas will help your business cast a light to avoid the risks of Shadow IT:

 1. Shadow IT Assessment

A Shadow IT Assessment is a turnkey review of applications/data that is outside your organization’s control today, organized by business risk in a format presentable to decision makers. This process helps you find the places you are vulnerable to losing data that you may not know exist.

2. Security awareness

Create a culture of knowledge with employees to educate them on risks and to encourage organizationally approved methods for data storage.

3. Data Loss Prevention

Take a non-obtrusive 30-day peek at incoming / outgoing email data for sensitive data, customer information, and employee practices. Understand the human factor in losing company data and gain advice on both training and tools – some of which you already own – that will help protect yourself from data loss.

To learn more about any of these solutions, reach out to security experts trained in helping businesses avoid shadows of uncontrolled data flows.