Ending the ‘forever war’ against shadow IT

One of the most important accountabilities of the modern CIO is data integrity. The corporation must be confident that the data it uses to make strategic business decisions is safe, accurate, and private. There is no question that the IT department and its CIO are ultimately responsible for assuring this is true.

But ensuring data integrity is a daunting task. In the face of hackers, data repositories in the cloud, and ever-changing technology, data integrity is an ongoing battle — one made much more difficult by the presence of shadow IT. And it will only get worse as AI opportunities make it easier for employees to misuse corporate data.

Shadow IT: Unsanctioned and persistent

First, let’s define terms. Gartner defines shadow IT as IT devices, software, and services outside the ownership or control of the IT organization. This definition includes IT devices not controlled by the corporation, software that may exist on corporate IT devices, or data interactions provided by third parties on the cloud.

Regardless of how corporate data is used or manipulated in these scenarios, the CIO is still responsible for the accuracy and integrity of the data. Unfortunately, this is the case even if the system is unknown to IT. This expectation is all the justification IT needs to pursue and stop shadow IT.

IT must work closely with the IT steering committee — which should be composed of senior management, including the CEO and CIO, and be responsible for prioritizing the IT agenda — to develop a strong statement of policy that forbids this unilateral activity. At the same time, however, IT in conjunction with the IT steering committee must also establish a methodology that enables user departments to quickly implement computer solutions that require a minimum of IT time.

A good but imperfect analogy for this could come from the marketing department, which is responsible for assuring the protection of the brand and trademarks both internally and externally. Any violation that is found by the marketing department is usually met with swift and uncompromising cease-and-desist orders. A similar approach should be taken by IT in dealing with shadow IT.
