MOVE OVER BRING YOUR OWN DEVICE – NOW WORKERS ARE PACKING THEIR OWN CLOUD AND APPS INTO THEIR VIRTUAL BRIEFCASE

 – Espion looks at the challenges for CIOs in the era of “Shadow IT products” –

Like it or not, today’s workers want to use their own devices, applications and software to be more productive at work. Who could blame them for wanting to take advantage of the time-saving, skill-boosting, collaboration-enhancing, process-streamlining (and more) apps and software that have flooded the market?

In many cases, these “Shadow IT products” (non-approved SaaS applications) are downloaded and adopted by employees without consulting their IT department. The scale of this was highlighted last year when a Stratecast and Frost & Sullivan study found that more than 80 per cent of survey respondents admit to using non-approved SaaS applications in their jobs. In addition, the study found, the average company uses around 20 SaaS applications; of these, more than seven were non-approved.

This new frontier poses many challenges for CIOs, who are expected to deliver IT and enable people to work to their own personal expectations, in the way they use technology in the home (fast, wireless and connected 24/7), whilst trying to maintain security and compliance.

In an increasingly complex device, application and software landscape, just how can today’s CIO navigate the ever-evolving tasks of Application Management, Mobile Device Management and Enterprise Mobility Management?

The risks versus the rewards

Without doubt, apps and cloud solutions such as Basecamp, Salesforce, Dropbox and Google Apps are great for productivity and flexible working. However, organisations need to be highly cognisant of the downside some apps pose for information security risk, particularly as consumers often ignore end-user licensing agreements (EULAs), enabling developers to collect and utilise private information to varying degrees.

According to application security company Veracode, 67 per cent of mobile applications can access, add or edit address book contacts.  This ability to read data from SIM cards and transmit it to unknown geo-locations could expose an organisation to data loss, improper transmission and storage of potentially sensitive corporate data.

Espion security consultant Shane Ryan explains: “The worst case scenario is that IT is unaware of cloud and mobile apps employees are using, which means they can’t control data access and management. Here a key concern should be corporate data access and data confidentiality issues.

“It’s important we learn from the BYOD frontier, where devices were accepted so quickly and extensively that before organisations knew it, vast numbers of employees were using their personal devices for work with little to no consideration of the security implications. As information security moves higher up the corporate agenda, CIOs need to take a strategic risk-based approach to managing devices, applications and non-enterprise approved Shadow IT software.”

It is paramount that CIOs take heed of the growth in consumer market technologies within the enterprise and accept that this trend will continue to evolve. Organisations should plan and address the security aspects of devices, apps and software.

When it comes to protecting your data’s confidentiality, integrity and availability, your resources and your reputation, here are ten things to consider.

Ten tips for tackling Shadow IT

 

  1. Monitor your network to keep track of what Shadow IT is lurking in your systems

By continuously scanning and monitoring your network you will be able to identify Shadow IT and keep track of what’s going on.

To identify the cloud services being used outside of IT’s scope you can process log data from your firewalls, proxies, SIEMs and Mobile Device Management products.

  2. Quantify the risks by knowing who has access to your corporate data

A key concern should be corporate data access and data confidentiality issues.

By identifying and understanding what data you are processing, transmitting and storing, you can classify data into categories such as confidential, internal organisational use only, public etc. This will help you ensure the right level of controls are used to protect the data.

 

  3. What’s the policy?

Consider having a ‘consumerisation policy’ that states what apps, software and devices can be used in the workplace, what part of the network they are allowed to access and what security procedures and protocols they must adhere to.

  4. Make use of ‘intelligence’ resources that are available to find out about these apps

Currently there are exciting new trailblazing technologies that help enterprises determine the ‘trust’ level of apps with all-in-one App Risk Management services and global databases of analysed public and private apps.  Apps can then be blocked based on your risk appetite and enterprise policies.

  5. Communicate the risks to stakeholders

Explain to colleagues that when they deploy Shadow IT the configuring and managing process (applying patches, authentication and access controls as well as security testing) falls outside the organisation. That makes organisations and their reputation vulnerable.

Enforce the use of only approved applications that meet enterprise standards, and when necessary restrict network access for workers who fail to comply.

 

  6. Fear Free apps

While workers may think they are saving money by opting for free apps, these technologies generate revenue by sharing user data with third parties such as ad networks, which affects overall app security and privacy. If you are not paying for the app, you and your company data are the product.

  7. Look for solutions to secure these apps and clouds

When it comes to controlling the extended enterprise, simply and securely, find a solution that can streamline wide-scale deployments by securing or restricting apps automatically.

 

  8. Don’t overlook licensing agreements

Shadow software and apps challenge software asset management compliance.  What would your organisation do if unapproved software spurred a compliance / regulatory audit with the risk of fines?

 

  9. Work with employees to tackle this issue

Aim to work with employees to tackle this issue and have a clear dialogue with business stakeholders about their business challenges and requirements.  IT should ultimately be enabling the business to work better and smarter at a known level of risk which is accepted by the business.

Remember to build awareness around the hazards of Shadow IT into your company-wide security awareness and training.

  10. Perform security testing regularly

Evaluate device security and usage of apps periodically.
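
As an added illustration of the first tip (this is not part of the original article or any Espion tooling), the sketch below processes proxy log lines to list cloud hosts that fall outside an approved list, ranked by how many people use them and how much data they receive. The log layout, the allowlist and every host and user name are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample input. Assumed proxy log layout (not from the article):
# timestamp user method host[:port] bytes_uploaded status
SAMPLE_LOG = """\
2024-05-01T09:00:01Z alice CONNECT crm.approved-saas.example:443 1200 200
2024-05-01T09:00:07Z bob CONNECT sync.fileshare.example:443 52428800 200
2024-05-01T09:01:15Z carol CONNECT SYNC.fileshare.example:443 1048576 200
2024-05-01T09:02:30Z bob GET notes.todo-app.example 900 200
2024-05-01T09:03:00Z dave CONNECT mail.approved-saas.example:443 300 200
this line is truncated
2024-05-01T09:04:10Z bob CONNECT sync.fileshare.example:443 not-a-number 200
2024-05-01T09:05:00Z erin CONNECT notapproved-saas.example:443 10 200
""".splitlines()

# Hypothetical allowlist of IT-approved SaaS domains (subdomains included).
APPROVED = {"approved-saas.example"}

def is_approved(host, approved):
    # Match on a label boundary so "notapproved-saas.example" does not pass.
    return any(host == d or host.endswith("." + d) for d in approved)

def find_shadow_it(lines, approved):
    """Return (ranked unapproved hosts with usage stats, count of skipped lines)."""
    seen = defaultdict(lambda: {"users": set(), "requests": 0, "bytes_up": 0})
    skipped = 0
    for line in lines:
        parts = line.split()
        if len(parts) != 6 or not parts[4].isdigit():
            skipped += 1  # malformed or truncated record: count it, don't guess
            continue
        _, user, _, target, bytes_up, _ = parts
        host = target.rsplit(":", 1)[0].lower().rstrip(".")
        if is_approved(host, approved):
            continue
        entry = seen[host]
        entry["users"].add(user)
        entry["requests"] += 1
        entry["bytes_up"] += int(bytes_up)
    # Rank by distinct users, then by volume of data leaving the organisation.
    ranked = sorted(seen.items(), reverse=True,
                    key=lambda kv: (len(kv[1]["users"]), kv[1]["bytes_up"]))
    return ranked, skipped

if __name__ == "__main__":
    report, skipped = find_shadow_it(SAMPLE_LOG, APPROVED)
    for host, s in report:
        print(f"{host}: {len(s['users'])} users, {s['requests']} requests, {s['bytes_up']} bytes uploaded")
    print(f"skipped {skipped} malformed lines")
```

The skipped-line count is worth reporting alongside the results, since a high number usually means the log format assumption is wrong and unapproved services are being missed.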
