Is blockchain the antidote to all cybersecurity woes?

/0 Comments/in , , , , , , , , , /by

Blockchain has been turning heads since it was first unveiled in 2008 to become the backbone of then relatively unknown cryptocurrency, bitcoin. Since then, blockchain and Bitcoin have skyrocketed in public awareness, with the latter becoming the most successful cryptocurrency in history. A large portion of bitcoin's success is due to its blockchain infrastructure, which prevents the duplication of funds (preventing double-spending) and automatically time-stamps every transaction.

The developer (or developers) behind blockchain created the software to be resistant to alteration or hacking, making it one of the more inherently secure systems that companies can use to manage secure infrastructures. Some have heralded blockchain as the ultimate tool to promote cybersecurity and reduce the risk of data breaches.

Then bitcoin, in addition to several other cryptocurrencies, were hacked. According to CNN, the attack erased the equivalent of billions of dollars and sent the value of the affected cryptocurrencies plunging. The incident has many questioning just how secure blockchain is and whether the software was simply a temporary fix, like so many others, against the ever-present threat of cyberattacks.

"Blockchain can give each registered device a specific SSL certificate for authentication."

The case for blockchain
While buzzwords are common in the tech industry, there are several legitimate reasons why blockchain has been celebrated as a secure platform. According to Info Security Magazine, one of blockchain's primary appeals is its decentralized data storage. While users can access blockchain data on a computer or mobile device, the program itself is typically stored throughout the network.

If one access point – or block – is targeted by hackers, then the other blocks will react to it. The attempted cyberattack will likely alter the data on the block in a way that is immediately noticeable by the rest of the chain. This block will then simply be disconnected, isolating the malicious data before it can impact the system.

Another helpful advantage of blockchain is its effectiveness against dedicated denial of service attacks. These cyberattacks target the domain name system, flooding it with so much data traffic that it essentially shuts down. Using blockchain software would allow the DNS to spread its contents to more nodes, reducing the effectiveness of the DDoS attack before it reaches a crippling stage.

Networks using a blockchain infrastructure can also bypass the need for passwords in certain situations. Instead of using the human-oriented password system, blockchain can give each registered device a specific SSL certificate. This mode of authentication is a lot more difficult for outside sources to access, reducing the likelihood of a hack.

Removing dependence on passwords may sound less secure but it is actually seen as an improvement. Employees can be careless with their login information or choose passwords that can be easily deduced by third parties. Eliminating the human factor from authentication actually goes a long way by removing one of the most common exploit points.

However, no system is 100 percent secure.

The McAfee Report
While many companies preach the value of blockchain, global computer security software company McAfee recently released a critical report on the software, stating that industries have every reason to expect cyberattacks. McAfee looked at early blockchain adapters, namely cryptocurrencies, and studied the types of cyberattacks still occurring within these companies.

The report identified four primary attack types: implementation exploits, malware, phishing and general technology vulnerabilities. Certain cryptocurrencies themselves have been used to help the spread of advanced malware, including ransomware. Coin miner malware alone grew by 629 percent in the first quarter of 2018, according to McAfee data.

Cybercriminals have also been using cryptocurrencies to mask their identities, taking advantage of blockchain's secure features to help them evade the law.

Blockchain builds its infrastructure securely, but not in a manner that is invulnerable. Blockchain builds its infrastructure securely, but not in a manner that is invulnerable.

What companies can learn from the cryptocurrency attack
Lastly, however, the attack of the cryptocurrencies themselves should highlight the limitations of blockchain. While the program may be innately secure, it is not an excuse to abandon other forms of caution. Technology is spreading at a rapid pace with information security specialists struggling to catch up.

In short, blockchain should be seen as just another tool and not a cure-all for cyberattacks. Its architecture can be helpful but must be implemented in a thorough, professional manner. Even then, it should also be paired with other programs and employee training to best reduce the risk of cybercrime.

Cybersecurity tips at a glance: Managing IoT devices

/0 Comments/in , , , , , , , /by

As the realm of the internet of things grows, it is important to understand all aspects of the technology’s performance. Companies and industries that see only the benefits open themselves up to data breaches, public embarrassment and even legal action. IoT technology can boost productivity when done right but lead to costly and unnecessary expenses if utilized without proper foresight.

The possible downsides of exercise wearables
Employee wellness is a trend that is sweeping across industries. These initiatives have shown positive results, such as increasing worker morale and promoting healthy behaviors. One study from the Journal of Occupational and Environmental Medicine even found that employee wellness diet programs can reduce health risks.

To this end, exercise wearables, such as Fitbit, appear to make sense. These devices can track heart rate, body temperature, calorie consumption and sleep quality. Many come with a social aspect, as well, allowing co-workers to engage in friendly competition to see who is the most active within the office.

For many industries, these wearables have no real downside. However, employers should know that the data gathered by many fitness wearables can be used to track employee location. This vulnerability has been problematic, especially for those working for the U.S. armed forces. According to The Washington Post, several previously secret military bases were revealed when data gathered by GPS tracking company Strava was made public.

The U.S. army had been using these fitness wearables for their advantages without fully understanding how the technology could be exploited. Most commercial hardware is designed for ease of use and cost affordability. These traits are in part the reason why IoT has famously encountered cybersecurity concerns over the past several years.

For enterprises working with sensitive and classified materials, IoT wearables may have a downside. Outside parties, benign and malicious, can track employee movement, knowing more about workers than may be deemed safe.

Augmented reality glasses can also potentially leak vital secrets, as they see and record all the employee does. Augmented reality glasses can also potentially leak vital secrets, as they see and record all the employee does.

Know where backup data is stored
Many IoT devices provide extra “eyes” on the field. Drones have been performing various types of reconnaissance missions for decades, whether for government contractors or farmers wishing to understand more about their soil. These unmanned aerial vehicles, or UAVs, are built to capture, transmit and store data.

While useful, drones have several serious cybersecurity concerns. They can be intercepted, and if so, their data is easily accessible. This risk is especially a problem for devices that back up information into themselves. A report from Syracuse University indicates that there are concerns that data stored on Chinese manufactured drones could be accessed by their government and would be out of U.S. control.

Using IoT devices has many advantages, but executives must always consider the full picture before implementation.

Is a hybrid cloud solution right for your company?

/0 Comments/in , , , , , , , , , , /by

Over the last decade, many companies have been shifting IT responsibilities to the cloud, a solution that allows various users and hardware to share data over vast distances. Cloud programs frequently take the form of infrastructure as a service. A company that can't afford in-house servers or a full-sized IT team can use cloud solutions to replace these hardware and personnel limitations.

Large companies like Amazon, Microsoft and Google are all behind cloud services, propelling the space forward and innovating constantly. However, there are still limitations when it comes to cloud adoption. For as convenient as theses services are, they are designed for ubiquitous usage. Organizations that specialize in certain tasks may find a cloud solution limited in its capabilities.

Those businesses wishing to support service-oriented architecture may wish to consider a hybrid cloud solution, a new service becoming widespread throughout various enterprise application. As its name suggests, a hybrid cloud solution combines the power of a third-party cloud provider with the versatility of in-house software. While this sounds like an all-around positive, these solutions are not for every organization.

"Before businesses discuss a hybrid solution, they need three separate components."

Why technical prowess matters for hybrid cloud adoption
TechTarget listed three essentials for any company attempting to implement a hybrid cloud solution. Organizations must:

  1. Have on-premise private cloud hardware, including servers, or else a signed agreement with a private cloud provider.
  2. Support a strong and stable wide area network connection.
  3. Have purchased an agreement with a public cloud platform such as AWS, Azure or Google Cloud.

Essentially, before businesses can discuss a hybrid solution, they need all the separate components. An office with its own server room will still struggle with a hybrid cloud solution if its WAN cannot reliably link the private system with the third party cloud provider. And here is the crutch. Companies without skilled IT staffs need to think long and hard about what that connection would entail.

Compatibility is a crucial issue. Businesses can have the most sophisticated, tailored in-house cloud solution in the world but, if it doesn't work with the desired third party cloud software, the application will be next to useless. It isn't just a matter of software. Before a hybrid cloud solution can be considered feasible, equipment like servers, load balancers and a local area network all need to be examined to see how well they will function with the proposed solution.

After this preparation is complete, organizations will need to create a hypervisor to maintain virtual machine functionality. Once this is accomplished, a private cloud software layer will be needed to empower many essential cloud capabilities. Then the whole interface will need to be reworked with the average user in mind to create a seamless experience.

In short: in-house, skilled IT staff are essential to successfully utilizing a hybrid cloud solution. If businesses doubt the capabilities of any department, or question whether they have enough personnel to begin with, it may be better to hold off on hybrid cloud adoption.

Without being properly installed, a poorly implemented solution could cause delays, lost data and, worse of all, potentially disastrous network data breaches.

Cloud technology has been designed to keep business data secure. Poorly installing a hybrid solution could weaken this stability.Cloud technology has been designed to keep business data secure. Poorly installing a hybrid solution could weaken this stability.

The potential benefits of the hybrid cloud
However, if created the right way, a hybrid cloud solution brings a wide array of advantages to many enterprises, particularly those working with big data. According to the Harvard Business Review, hybrid cloud platforms can bring the best of both solutions, including unified visibility into resource utilization. This improved overview will empower companies to track precisely which employees are using what and for how long. Workload analysis reports and cost optimization will ultimately be improved as organizations can better direct internal resources and prioritize workers with stronger performances.

Overall platform features and computing needs will also be fully visible, allowing businesses to scale with greater flexibility. This is especially helpful for enterprises that see "rush periods" near the end of quarter/year. As the need rises, the solution can flex right along with it.

Hybrid cloud services are also easier to manage. If implemented properly, IT teams can harmonize the two infrastructures into one consistent interface. This will mean that employees only need to become familiar with one system, rather than learning different apps individually.

Companies processing big data can segment processing needs, according to the TechTarget report. Information like accumulated sales, test and business data can be retained privately while the third party solution runs analytical models, which can scale larger data collections without compromising in-office network performance.

As The Practical Guide to Hybrid Cloud Computing noted, this type of solution allows businesses to tailor their capabilities and services in a way that directly aligns with desired company objectives, all while ensuring that such goals remain within budget.

Organizations with skilled, fully formed IT teams should consider hybrid cloud solutions. While not every agency needs this specialized, flexible data infrastructure, many businesses stand ready to reap considerable rewards from the hybrid cloud.

Data Madness: Physical and digital, ensuring that critical data stays safe

/0 Comments/in , , , , , , , , /by

With March winding down, it is important to remember the significance of confidential corporate information. Data has been called the new oil, however, as Business Insider pointed out, this is not a great comparison. Unlike oil, more data does not intrinsically mean greater value. The nature of this information greatly matters.

So really, data is more like sediment. Some bits are just pebbles – numerous beyond count and basically interchangeable. However, certain information – like say personal identification information and dedicated analytical data – is immensely valuable. These are the gemstones, the gold, and this data must be protected.

To avoid data madness, or the immense financial and irreparable damage done by lost confidential information, follow these tips to safeguard valuable data:

"Around 23 percent of IT thefts occur in office."

Securing physical data
While many organizations worry about theft from cars, airports or other public places – not enough information is paid to a real danger: the office. According to a Kensington report, 23 percent of IT thefts occur in office. This is nearly 10 percent higher than hotels and airports.

The same report found that over a third of IT personal have no physical protection in place to prevent hardware from being stolen. Only 20 percent used locks to protect hard drives.

While organizations worry about small devices like wearables and smartphones, basic security cannot be overlooked. Companies must take steps to ensure that only employees or approved guests have access to the premises. Even then, not every worker needs universal access. Server rooms and hardware storage should be kept behind additional locks.

IT teams should also be required to keep a thorough inventory of all network-enabled data devices. This will alert the organization quickly should a theft occur. While cybersecurity grabs headlines – the importance of a good, strong physical lock cannot be overstated.

Malicious third parties are not above using simple and primitive tactics.

Protecting digital data
While physical protection is essential, cybersecurity is rising in importance. Gemalto data states that, since 2013, more than 9 billion digital records have been stolen, misplaced or simply erased without authorization. More troubling is the recent increases in data loss. Gemalto also recorded a steady rise data breach occurrence and a dramatic uptick in misplaced or stolen information.

Cybercriminals adapt quickly and their tools are constantly evolving. Deloitte released a report chronicling the increasing tenacity and sophistication of ransomware, a disturbing cyberattack that strips away essential data access from organizations and charges them to get it back. Infamous attacks like WannaCry made headlines last year and unfortunately these incidents are expected to become more common.

When enhancing cybersecurity, take a company-wide approach. Every employee with network access needs to be educated on basic risks. Network administrators should also structure internet connectivity to run on the principle of least privilege. As with the physical server room, not every employee needs access to every file. Permissions should be given sparingly.

Lastly, businesses need a concrete plan if and when a data breach do occur so that they may respond efficiently and swiftly to contain the attack. 

Finding the point of breach quickly can reduce the damage done by cybercriminals. Finding the point of breach quickly can reduce the damage done by cybercriminals.

The Cloud Advantage
One of the reasons that cloud services are so popular is that they alleviate certain cybersecurity concerns. Many businesses, especially smaller organizations, have budget restrictions, whereas a cloud services provider like Microsoft annually invests $1 billion in cybersecurity, according to Reuters.

Handing off information security concerns to a trusted organization with more resources is a way to help safeguard your data, backing it up so that it will never be lost or stolen by a malicious third party.

Data Madness: The importance of deleting/removing critical data from old devices

/0 Comments/in , , , , , , , /by

You arrive at work and get an immediate call to see the CEO. Upon entering the office, you notice that the CIO and other executives are in the room, as well as several people in suits you don’t recognize. Everyone is looking stressed, brows furrowed and heads bent.

Those new people in suits are lawyers planning the company’s defense to the major data breach that was just detected. The malicious activity occurred last month and the hacker supposedly used your information.

After frantic moments of head scratching, you remember: You sold your smartphone last month. While it was a personal device, you used it to check office email and it had stored access to the company network password.

While data madness often happens when vital data goes missing, it can also occur when data isn’t properly disposed of. Too often, organizations fail to stress the importance of information security at every phase of the hardware’s life cycle. Before a machine can be decommissioned, data must first be thoroughly purged and, in some cases, destroyed.

A broken phone can still house perfectly working data. A broken phone can still house perfectly working data.

Sanitizing data vs. deleting data
In some companies, the temptation is to delete data by moving it to the recycling bin and pressing “empty.” However, this is not enough. According to Secure Data Recovery, data emptied from the recycling bin is not permanently deleted – at least not right away. The computer simply deletes the pathing and labels the information as “free space,” meaning that it can be overwritten by new data.

For all intents and purposes, data deleted from the recycling bin is gone, at least as far as the layperson is concerned. Those with computer programming and specialized skills or software, however, can recover the information and restore it. If you’ve ever done a search for “data recovery” – you will see that these skills are not in short supply.

Yet companies make this mistake all the time. A survey conducted by Blancco found that almost half of all hard drives carried at least some residual data. The same was true for over a third of smartphones. Files such as emails, photos and sensitive company documents were recovered from these devices. To securely delete files requires a more thorough process.

The University of California, Riverside defines data sanitization as “the process of deliberately, permanently, and irreversibly removing or destroying the data stored on a memory device.” Sanitized data drives typically carry no residual data, even with the aid of recovery tools. However, this solution often times requires additional software that will erase and rewrite information multiple times.

Companies have a wide variety of options to choose from when it comes to securing data sanitization software. Microsoft even provides an in-house solution in the form of its tool, data eraser – which has been optimized for PCs and tablets. It’s important to remember that different types of data drives will only be compatible with certain software.

Given the sensitive nature of the material in question, companies should only choose data sanitization software from trust organizations.

Recycling bins - like their physical counterparts - are not known for permanently disposing of trash. Recycling bins – like their physical counterparts – are not known for permanently disposing of trash.

When physical destruction may be needed
However, for some kinds of data, sanitization may not be enough. This can be regulated by internal business policy (such as placing employee payroll information as the most sensitive data) or by government laws like HIPAA – which mandate time-effective data destruction.

In this case, the storage device matters more. Hard disk drives, commonly found in computers and servers, are the easiest to destroy as they operate on magnetic fields. A hard drive degausser can permanently alter these fields, leaving the device completely unreadable.

Solid state drives and flash media are more difficult. Their data storage is circuit-based, rendering a degausser ineffective. These drives should be shredded or destroyed by quality equipment expressly designed for the task. Hard drive data can be recovered after improper destruction, even in extreme cases. ComputerWorld reported that data was restored from the wreckage of the Columbia space shuttle tragedy, illustrating the hardiness of certain drives and the effectiveness of professional data recovery tools.

Safely disposing of data is no easy task and innovations like the internet of things have made it more difficult. Cybercriminals may be developing more sophisticated ransomware but they are also still routinely diving in dumpsters and scoping out secondhand stores for improperly deleted data. Make sure your company is taking the necessary steps to avoid data madness.

Data Madness: Exploring the reliability of in-house data vs. cloud servers

/0 Comments/in , , , , , , , , , /by

Much is made today about choosing the right kind of data storage. When you’re running a team, the last thing you want is for some crucial information to go missing. Such a setback can be disastrous, especially if the data lost was from a survey or customer response. In addition, you have the added anxiety of only hoping the data was lost, not stolen.

As data madness continues, we’re exploring the most secure methods to backup essential data. In today’s article, we’re putting the two most popular solutions under a microscope: in-house servers and cloud data storage. For many companies, success literally hinges on data security. Know the best method and keep your organization running.

How to keep in-house servers running effectively
The longer a server is in operation, the more likely it is to break down. A Statista report found that only 5 percent of servers broke after the first year. By the fourth year, that number had more than doubled. By year seven, nearly 20 percent of servers failed. While the likelihood of a break is still relatively low after seven years, organizations are clearly taking a huge risk. Executives at this hypothetical company might as well tell their employees that there is only an 80 percent chance for productivity each day.

Servers should be continually replaced and upgraded to be effective at securely housing data. However, age is not the only factor that can cause a server to malfunction. RocketIT stressed the need to continuously upgrade server software to keep it protected and compatible with modern systems.

Since servers are gold mines of confidential data, they are the prime targets for any malicious hacker. Keeping servers up to date not only keeps them running smoothly, it also reduces the risk of viruses and malware being able to infiltrate the hardware.

Lastly, if your business opts for servers then it needs a dedicated, maintained space in which to house them. According to Serverscheck, the ideal server room temperature is between 64-80 degrees Fahrenheit with no more than 60 percent humidity. Servers work best with constant conditions so any change could impact device functionality. In addition, if there is a flood or water leakage in the room, then the organization is at serious risk of data loss.

Servers need dedicated, environmentally-controlled space in order to function at peak levels. Servers need dedicated, environmentally-controlled space in order to function at peak levels.

Choosing the right professional cloud services provider
If your company instead opts for a cloud service provider, it must choose the right provider. There are currently numerous options in the field, with Amazon and Microsoft standing out as the dominant players.

Many cloud service providers use physical servers themselves. Essentially, they handle all the maintenance, storage and cybersecurity responsibilities and charge clients for the operations. While some servers, like Cisco in a recent fiasco, have lost client data, the problem has so far been a rare occurrence, according to The Register.

However, there is another side to cloud data. It can keep existing even when the order is given for deletion, as some celebrities learned in an unfortunate way, according to Wired. If an organization is going to store data through a cloud provider, they should be very careful if and when additional backups are made. Data that survives its intended expiration can be dangerous, especially if the parent company has no idea it exists.

And the most secure data storage method is…
Oxford Dictionaries chronicled the phrase “you can’t have your cake and eat it too” as a way of summarizing that you need to choose only one option. With data storage – you can eat as much of your cake as you want, while still having an infinite supply left over. For companies serious about safeguarding data, the best option is simply both.

Backing up data to multiple sources is one of the best ways to ensure that it is never accidently deleted. Just be sure that every copy is secure, to keep classified information out of malicious hands.

Storing data in multiple sites ensures that it lasts longer. Storing data in multiple sites ensures that it lasts longer.

3 ways managed services provide access to the most advanced IT tools

/in , , , /by

An increasing number of businesses are turning their focus to managed IT services. These solutions, when maintained and updated by a team of trained professionals outside of the core business, can offer numerous benefits, including cost savings, enhanced security and access to a growing number of advanced tools.

Those are just a few of the reasons businesses across many industries have adopted managed services as part of their critical IT infrastructure. As a result, the market for these solutions has been on the rise – MarketsandMarkets reported that by 2021, the global managed services sector will reach a value of $242.45 billion, a considerable increase over 2016’s $145.33 billion.

One of the most attractive advantages of leveraging managed services is the ability to access some of the most innovative, state-of-the-art IT tools and components. Let’s take a look at three ways managed service providers make this benefit possible for today’s enterprises:

1) Leveraging advanced infrastructure as a market differentiator

As the market for these services continues to grow, competition among solution vendors will only ramp up. Currently, there are more than a few service providers existing in the marketplace, with more breaking into the sector every day.

This not only creates more options for business decision-makers, but also helps ensure that companies have access to the most advanced infrastructure tools possible. In order to compete, solution vendors utilize their modern infrastructure components to differentiate themselves in their industry vertical. The most advanced tools become feathers in the caps of service providers, helping them grow their client base.

“The most advanced tools become feathers in the caps of service providers.”

“[A]s customers seek to adopt these new capabilities, managed services offerings must adapt too,” wrote MSP Alliance contributor Charles Weaver. “Offering higher value advanced services not only helps to overcome the potential revenue loss, it also helps MSPs differentiate and grow their businesses more profitably by providing greater customer value.”

In this way, having the most up-to-date infrastructure that takes advantage of the newest network components and management strategies enables service providers to make a name for themselves in a growing marketplace. Best of all, clients get to utilize the most advanced equipment possible.

2) Bridging internal technology gaps

One of the top reasons businesses adopt managed services is to leverage innovative solutions in a way that works with the assets the company already has in place. Managed service providers can provide technology that integrates with the enterprise’s infrastructure, helping to bridge any caps in capability or functionality that might have existed previously.

This is especially pertinent as vendors expand their reach, offering access to an increasing number of advanced solutions. In today’s market, an array of critical processes can be outsourced, allowing enterprises and small businesses alike to create a holistic technological approach.

“[W]hile companies are increasingly relying on outside providers for part of their IT needs, MSPs generally complement rather than replace internal IT,” noted CIO senior writer Thor Olavsrud. “Instead, especially in larger companies, bringing an MSP into the mix frees up existing IT staff to focus on more strategic projects.”

This is a considerable boon, not only for the service provider, but for its client partner as well.

Managed service providers can offer access to advanced tools that might otherwise have been too expensive for businesses to implement internally. Managed service providers can offer access to advanced tools that might otherwise have been too expensive for businesses to implement internally.

3) The most cost-efficient IT resources

Building upon this is the fact that managed services can help even the playing field among businesses of different sizes, providing access to advanced tools that might otherwise be out of reach for smaller organizations. Many solution providers offer innovative solutions at an incredibly cost-effective price, enabling businesses to eliminate the need for up-front investments while supporting predictable IT costs.

This benefit is especially powerful for small businesses, but can be a significant advantage for organizations of all sizes.

“Some small businesses just don’t have the capital to purchase new hardware,” Netswitch pointed out. “Instead of figuring out whether you want a lightning-fast server to work with your databases or your web hosting, you get access to high-end servers working in a distributed resource environment. This gives you an even better performance boost. You avoid paying the overhead for expensive servers while still reaping the benefits.”

This only scratches the surface when it comes to the advanced IT tools offered by today’s managed service providers. To find out more, contact industry-leader ISG Technology and check out our managed service solutions today.

New Call-to-action

3-2-1 Backup Rules Best Practices

/in , , , /by

Companies that backup to tape as their offsite backup often aren’t aware of what recovering from tape looks like until they unfortunately have to live through it. Depending on the nature of the failure and the extent of the data involved, that type of recovery can take days to restore “business as usual” functionality.

Image result for 3-2-1 backup rule

What Backup Is… and What It Isn’t

Data backups are critical for data protection and recovery, but they should not be a substitute for other important parts of your IT strategy:
$1,000 Free Cloud Connect Services

  • Backup is for data protection and targeted item recovery:
    It is not for archive. Archives ideally will be indexed for search, have a managed retention policy, and will be stored on less expensive storage mediums.
  • It is not for disaster recovery. It is nearly impossible to test a full environment recovery scenario when relying on this method. It will often require 100% more equipment overhead to have the empty equipment in standby, equipment not providing any usefulness or return on investment
  • It is not a failover solution. Recovery times with this method should be measured in weeks, not hours.

Snapshots are not backup:

  • Snapshots can be used as one part of a backup strategy, but provide no protection on their own in scenarios where the storage devices have failed or are no longer available
  • Snapshots are usually not very granular and are commonly the recovery method of last resort
  • Snapshots are not disaster recovery on their own, only a part of a comprehensive plan

The untested data recovery plan is both useless and a waste of time to create:

  • Make time for testing, it will always be worth it.
  • Do not let the single point of failure be a human, involve many members of the team in the process so that when the time comes to execute your plan it does not have to wait for the only one who knows how.



Free White Paper




Shadow IT: What it is and how to mitigate it

/in , , , , , /by

Technology has advanced at an incredibly fast rate in the past few years. Innovations such as the computer that were once thought too expensive for personal use are in a vast majority of American homes, and the emergence of the smartphone has increased the internet’s reach even further.

It would seem that every day some new device or piece of software is making life easier for people, and while this may be good for the consumer, it poses a major risk for IT administrators. The in-office use of these kinds of technology is called shadow IT, and it’s causing some big problems for organizations all over the globe.

How is shadow IT formed?

“The issue at hand here has to do with an employee’s personal convenience.”

The issue at hand here has to do with an employee’s personal convenience. As a rule, shadow IT very often forms when a worker decides to go outside of the company-supported suite of software and hardware in order to use something he or she is more familiar with.

A good example of this would be an employee that gets fed up with a certain file storage/exchange system. They don’t know how to work this platform, so they decide to use a free service that they’ve relied on before.

While this may solve a convenience issue, this employee is now moving company information around utilizing a platform that isn’t supported by the internal IT team. This creates a gaping security vulnerability that a hacker could work to exploit.

BYOD can help foster it

An aspect that a lot of administrators don’t consider is that shadow IT doesn’t just pertain to software or digital platforms. As TechTarget contributor Margaret Rouse points out, hardware is also part of the equation.

Your employees have all kinds of personal devices that they use at home, and they bought them for good reasons. They have experience with this tech, and this can very easily translate to an increase in productivity.

In fact, the bring-your-own-device trend hinges on this exact principle. BYOD allows organizations to sidestep paying for new equipment by simply allowing workers to bring in their own gadgets. On top of that, staff members get the unique ability to complete daily responsibilities with the tech they know and love.

When done properly, this is a perfect example of a win-win scenario. However, a BYOD deployment must be implemented properly. The IT team needs to handle this transition to ensure that the devices in question are properly secured against hackers. Without some kind of security procedure on the books, companies could be looking at a data breach.

The problem is that employees very often don’t know about the risks involved here. Again, without any sort of maliciousness, they’re simply thinking of their own convenience and choose to bring in their own gadgets without clearing it with company officials. In fact, a survey from Gartner found that more than one-third of respondents were currently completing work-related tasks on personal devices without telling anyone about it.

This is huge because the average person simply does not take the time to properly secure their gadgets on their own, especially considering the high standards of data security many industries need.

A consumer affairs survey found that only 8 percent of average smartphone owners had software that would allow them to delete the information contained on their phone should it be stolen. While most people would worry about the photos and other irreplaceable memories in the event of a theft, a stolen smartphone can easily turn into a major data breach should the wrong person get their hands on the gadget.

Smartphones used for work must be secure. Smartphone security is incredibly important in a BYOD plan.

Companies must take action

Clearly, shadow IT is no laughing matter, and organizations must take decisive action in order to mitigate the risks of a data breach. So, what would this look like?

First and foremost, set up a meeting with employees to explain the consequences of their actions. As stated, it’s not that these workers are actively trying to sabotage the company. Rather, they simply don’t understand that using a personal device or outside software could cause serious harm. These people simply need to be educated about what can happen when they step outside the approved systems.

Second, to attack unlicensed BYOD directly, administrators must come up with a plan. This could include banning these gadgets outright, but doing so is nearly impossible to enforce, and completely misses all of the advantages BYOD has to offer when done correctly. A better option may be to simply work with a vendor that knows how to implement a secure system to regulate these devices.

Finally, it might be important to figure out why employees were using outside tech to begin with. Are current solutions not doing what they’re supposed to? Do you need to implement training sessions? Would it be best to simply move on to a different platform? Answer these questions and you can work to find the root of the problem.