UK’s NCSC Publishes New Shadow IT Guidance>
– Cedric Pernet
A new publication from the U.K.’s National Cyber Security Centre provides guidance to organizations concerned with shadow IT, which most of the time results from non-malicious intent of employees.Shadow IT is the use of technology systems, software, applications and services within an organization without the explicit approval, knowledge or oversight of the IT department or the organization’s official IT policies.According to Cisco, cloud services have become the biggest category of shadow IT as more employees feel comfortable installing and using various cloud applications without reporting it to their IT department.As written by NCSC, shadow IT is rarely the result of malicious intent but rather due to “employees struggling to use sanctioned tools or processes to complete a specific task.” Some users also do not realize that the use of devices or personally managed software-as-a-service tools might introduce risks for their organization.NCSC writes that “at all times, you should be actively trying to limit the likelihood that shadow IT can or will be created in the future, not just addressing existing instances.” As most shadow IT results from non-malicious intent of employees who want to get their work done efficiently, organizations should try to anticipate the staff’s needs to prevent shadow IT.SEE: TechRepublic Premium’s Shadow IT Policy Regarding technical mitigations, asset management systems should be used for larger organizations.
Link: https://www.techrepublic.com/article/ncsc-new-shadow-it-guide/