You are losing company data without knowing it – Shadow IT

Losing company data is a potential nightmare. It can sneak up on you, without you realizing it, often through “shadow IT” – software that’s in use within your company that innocently makes its way into your systems and processes without taking security needs into consideration.

Do you know where your data is? Or how it’s leaking from your company?

Do you have a complete view of all the places your data exists, or which software products have access to it?

Shadow IT – one of the gateways to losing company data

Shadow IT—IT solutions and systems used within an organization without its authorization–is prevalent and rising. How does it impact you?

Conventional wisdom is that CIOs direct the IT process, which in turn drives employee capabilities within the organization. Today’s reality is that “90% of CIOs worldwide find themselves bypassed by line-of-business in IT purchasing decisions sometimes and 31% routinely” (Logicalis CIO Survey, 2015).

Here are a few eye-opening statistics regarding the business risk surrounding Shadow IT:

  • 63% of respondents send work documents to their personal email address so they can access them from home
  • 35% of employees work around their organization’s established security policies and procedures to get their job done (Source – RSA: The Untold Insider Threat)

But the largest data threat might not be what you think:

  • 81% of organizational data is lost, disclosed, or stolen vs. 7% that is hacked.

Today’s cloud providers and app stores are filled with tantalizing options for productivity enhancements and the latest wiz-bang features…but who’s minding (or mining) the storage of your business data?

cloud-storageFor example, the use of any of the popular storage providers (Box, Dropbox, Google Drive and OneDrive) increases the likelihood of ‘unofficial’ and uncontrolled data flows, making it more difficult to comply with the Sarbanes-Oxley Act (USA) and other compliance-centric initiatives.

Organizations need to re-train their traditional security mindset to approach solutions differently.  The following 3 areas will help your business cast a light to avoid the risks of Shadow IT:

 1. Shadow IT Assessment

A Shadow IT Assessment is a turnkey review of applications/data that is outside your organization’s control today, organized by business risk in a format presentable to decision makers. This process helps you find the places you are vulnerable to losing data that you may not know exist.

2. Security awareness

Create a culture of knowledge with employees to educate them on risks and to encourage organizationally approved methods for data storage.

3. Data Loss Prevention

Take a non-obtrusive 30-day peek at incoming / outgoing email data for sensitive data, customer information, and employee practices. Understand the human factor in losing company data and gain advice on both training and tools – some of which you already own – that will help protect yourself from data loss.

To learn more about any of these solutions, reach out to security experts trained in helping businesses avoid shadows of uncontrolled data flows.

By |2018-12-18T12:19:48-05:00March 24th, 2016|Security Solutions|Comments Off on You are losing company data without knowing it – Shadow IT

About the Author:

Bruce is the Vice President of Business Strategy. In addition to client-facing roles, Bruce is responsible for operational excellence in areas such as marketing, product alignment, and vendor relations. Over the past 25 years, Bruce has always served in an advisory role for C-level executives, IT Directors and CISOs to ensure that business goals align with IT strategies and initiatives. Microsoft has recognized, trained and badged Bruce as an internal Microsoft resource to allow him full access to solution architecture, roadmaps and competitive guidance. Bruce has a focus on consultative education and helping organizations envision their future with justifiable rationale. He is sought after on speaking engagements including CIO roundtables, executive forums, and conferences. Bruce is a graduate from the University of Illinois (Secondary Ed.) and also holds an MBA from Keller Graduate School, with a credentialed security focus (CISM).