Fisher's Focus: Cybersecurity for Shadow IT August 11 2017 For a cybersecurity program to succeed, it must identify the assets it aims to protect. Without a clear understanding of its assets, no organization can truly understand the value of its resources, assess the risks the organization faces, or understand how much to spend to secure the organization’s infrastructure. Shadow IT – Defined as the presence of unknown systems, information, and assets on a network – is on the rise due to: Personal & Mobile Devices – Continued growth of mobile and personal devices present on the network IoT Devices – The number of these devices on the network continues to grow as each device adds new sources of data and opportunity for analytics Cloud-Based Solutions – Cloud-based solutions will continue to present challenges as cloud costs continue to get lower, fueling migration to the cloud Non-Traditional Application Development – The necessity for analyzing growing datasets and staying agile has led to increased demand for business-line applications, which places a strain on traditional Application Development (managed by the IT department) and leading to the non-traditional Application Development (managed by the lines of business) Improper decommissioning of hardware and software – Just because a device or software is decommissioned doesn’t necessarily mean that it’s been turned off, disconnected from the network, or disposed of properly. Convenience and productivity are often the drivers for adopting shadow IT. Employees deploy solutions that are not approved by their IT departments. The reasoning is that following the traditional route for approvals is too complicated or time-consuming. Shadow IT is an issue that is not isolated to specific industries, regions or tech-savvy organizations. There is little difference in the statistics by industry or geography, reinforcing that the challenge of shadow IT is prevalent across all companies, industries, and countries. The lines between work and personal apps have become blurred, as well as cloud solutions, and all other devices. The lack of hard boundaries between these technologies complicates not only management of the data but also the solutions for cybersecurity. According to Gartner, one-third of successful cybersecurity attacks will have been caused by shadow IT by the year 2020. Still, shadow IT is here to stay due to the benefits it brings to the organization in productivity, innovation and deployment time. IT leaders need to enable the enterprise to adopt the best aspects of shadow IT while reducing its downside and risks. Ultimately, the data needs to be protected, whether it’s on a smartphone or it’s going to be on a future IoT device. Data is in motion between various devices and solutions—leaving the traditional on-premises firewalls. Organizations have to make sure that processes are in place to secure the data wherever it lies. By crafting the right policies and solutions which curtail the use of shadow IT while also helping the organization accomplish their goals, cybersecurity professionals can help create an environment where cybersecurity is no longer seen as a stumbling block and is instead actively sought out, leading to a more secure environment.