Power of CIO threatened by shadow IT
Although shadow IT isn’t new at all, its character has changed and it is potentially becoming more
threatening to the CIO. Cloud services outside control of the CIO may create security and continuity
risks. Who will be blamed in case of a serious security breach or continuity issue?
I am afraid it’s still the CIO. How to handle this?
The past
Shadow IT is defined as all IT outside the control, budget and often outside the view of the central IT
department. It has already existed for decades and most probably will always be there.
In the past shadow IT consisted of incidental purchases and installations of hardware or software
without consent of the central IT department. Due to limited decentralised IT budgets, the expenditure on
shadow IT was relatively small, as were its impact and risks. Owners and users were usually very
positive about ‘their own’ shadow IT. It served its purpose well and they considered it their baby.
When there was a problem, they didn’t dare to complain – knowing their baby was, in its way, an
illegitimate child.
CIOs who tried to forbid or block this old style shadow IT made themselves far from
popular. Therefore most CIOs were inclined to tolerate this old style shadow IT and ignored it as long
as it didn’t become a serious problem.
What changed?
Since then, mobile devices such as laptops, smartphones and tablets were introduced. To create
maximum flexibility, organisations adopted the BYOD (bring your own device) approach and allowed
company software to be installed on user owned devices.
Access to company systems was granted to devices outside control of the CIO department. Security
became a serious issue.
Cloud services became available that offer solutions that are fit for purpose, cheap, and easy to
purchase and deploy: a credit card and a few clicks were enough. Consent or even awareness of the
CIO wasn’t needed. A new species of shadow IT was born.
Figures
83% of IT users admit using shadow IT. 80% of IT managers believe they have successfully blocked
Dropbox. In reality only 16% have. (Survey Skyhigh Networks 2015).
CIOs believe they control 80% of total IT spend. In reality it’s 60% (Forbes 2014).
80% of CIOs don’t know the extent of shadow IT in their organisation, 72% added that they would
like to know. 23% of the IT budget is currently spent on cloud services, 7.2% is spent on shadow
cloud, in other words: one third of the total cloud services in use has been deployed outside control
of the central IT organisation (Forrester, 2013).
New risks
Mobile devices are sometimes stolen, lost or left unattended at a bar. When no central security
system or policy is applied this may result in unwanted access to company systems. No hacking skills
are required.
When a user leaves the organization and corporate IT deprovisions that user in its directory, nothing
happens in the shadow IT user directory. If this is not remedied by whoever manages the shadow IT
solution, this former employee maintains access to potentially sensitive data (potentially a huge
security risk) while the organization is still paying for it.
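
The deprovisioning gap described above can be checked by reconciling the central directory against a user export from the cloud service. The following Python sketch is an added example, not part of the original article; the CSV column names, status values and sample rows are constructed assumptions.

```python
import csv
import io

# Constructed sample: central directory export after HR offboarding.
CORPORATE_DIRECTORY_CSV = """email,status
alice@example.com,active
bob@example.com,deprovisioned
carol@example.com,deprovisioned
dave@example.com,active
"""

# Constructed sample: user export from a cloud service bought outside central IT.
SHADOW_SERVICE_CSV = """login,role,monthly_cost
Alice@Example.com,member,12.00
bob+files@example.com,admin,12.00
carol@example.com,member,12.00
erin@gmail.example,member,12.00
"""


def normalise(email):
    """Lower-case the address and drop a +tag so one person maps to one identity."""
    local, _, domain = email.strip().lower().partition("@")
    return local.split("+", 1)[0] + "@" + domain


def load_directory(text):
    """Map each normalised corporate address to its directory status."""
    return {normalise(r["email"]): r["status"]
            for r in csv.DictReader(io.StringIO(text))}


def reconcile(directory_csv, service_csv):
    """Compare the cloud service's accounts with the central directory.

    orphaned: accounts whose owner is no longer active in the directory
              (the former employee who keeps access).
    unknown:  accounts with no directory entry at all (personal addresses,
              contractors) that central offboarding can never reach.
    wasted_monthly_cost: licence spend on orphaned accounts.
    """
    directory = load_directory(directory_csv)
    report = {"orphaned": [], "unknown": [], "wasted_monthly_cost": 0.0}
    for row in csv.DictReader(io.StringIO(service_csv)):
        status = directory.get(normalise(row["login"]))
        if status is None:
            report["unknown"].append(row["login"])
        elif status != "active":
            report["orphaned"].append((row["login"], row["role"]))
            report["wasted_monthly_cost"] += float(row["monthly_cost"])
    return report


if __name__ == "__main__":
    result = reconcile(CORPORATE_DIRECTORY_CSV, SHADOW_SERVICE_CSV)
    for login, role in result["orphaned"]:
        print(f"ORPHANED  {login} (role: {role})")
    for login in result["unknown"]:
        print(f"UNKNOWN   {login}")
    print(f"Monthly spend on orphaned accounts: {result['wasted_monthly_cost']:.2f}")
```

Orphaned accounts with an admin role deserve attention first, since they can also add or re-enable other users in the service.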
In the past shadow IT was typically a minor independent initiative within a department. Modern
shadow IT cloud systems are widely spread and used across organisations. Business is becoming
more and more dependent on the reliability of shadow IT services. Many users are unaware that
these services are outside control of the department of the CIO. In case of failure the organisation will
point to the CIO. ‘I didn’t know’ or ‘It wasn’t my responsibility’ won’t be accepted as an excuse.
Unlike old style shadow IT, cloud systems communicate with clients, suppliers, business partners
and/or public media. Incorrect, sensitive, private or other undesirable information could be
communicated to clients, competitors, financial analysts and public media, without the CIO knowing
it.
Again ‘It was outside my control’ won’t be accepted.
How to deal with it?
What should a CIO do to deal with these issues?
1. Don’t ignore shadow IT. Don’t wait for issues to happen. Take action now.
2. Look shadow IT right in the face. Assess the current situation (functions, systems, risks, cost)
of your shadow IT ASAP. How? There are skilled consultants and useful software tools around
to help you collect relevant information in a short period of time at a limited expense.
3. Don’t try to block shadow IT. Your colleagues are smart enough to find a way to go around
your blockade.
4. Build a cloud strategy. What cloud services does your organisation really need? Which
products and services could deliver the required services? Which ones perform sufficiently in
terms of security and availability? Make choices based on what people are already using.
5. Build a menu of available services. As long as your menu covers all needs, there is little
reason to use something else.
6. Build/extend a security policy that includes safety measures taking into account that mobile
devices are stolen, lost or left unattended and that services are deprovisioned when people
leave the organisation. Communicate your security policy properly to change people’s
attitude and behaviour.
