You may have heard the term ‘shadow IT’ buzzing around the tech scene. If you haven’t, ‘shadow IT’ is essentially the use of unmanaged applications in a business environment. When regular users install and begin using an unauthorized app without the knowledge of IT, that is shadow IT in practice.
At face value, shadow IT can often sound like a good thing. In most cases, it implies that employees are being productive and taking it upon themselves to install apps that will better their performance and therefore the company. And with many companies adopting the BYOD (bring your own device) model, this kind of thing seems to come with the territory. However, unauthorized apps may present small security vulnerabilities that could turn into major issues if exploited.
While shadow IT isn’t innately malicious, it can cause some serious issues for a business. Because not all apps are created equally, an unmanaged app may be built with poor coding practices, leading to vulnerabilities that can affect the device, other apps, or information sent over the network. Here are a few ways to mitigate the issue if you find shadow IT trailing you.
- Make sure every device is up to date. One of the best ways to protect against potential threats is to make sure everyone is regularly updating their device’s operating system. It is important to routinely update the OS in order to make use of security patches and performance improvements. For older devices that aren’t compatible with current software versions, it is best that these devices be removed from the network or at the very least, should not have company apps installed to use outside the premises.
- No rooted or jailbroken devices. Some users like to run unlocked devices, but this presents a security risk. Most root and jailbreak frameworks won’t let you update the OS beyond a certain point, so app security will begin to suffer over time. If the device is owned by someone in IT who knows a thing or two about security, this might not be a problem. For regular users, however, make stock, unmodified devices mandatory.
- For larger organizations, use an MDM solution. It’s difficult to set guidelines and trust that everyone will abide by the rules, so MDM (mobile device management) is usually a necessity for midsize businesses and enterprises. If you’re using a product like Microsoft Intune, VMware Workspace ONE, or SOTI MobiControl (among others), these mostly platform-agnostic systems allow your business to enforce password policies and protect business applications without completely taking over a user’s personal device.
- For smaller organizations, use 2FA whenever possible. For smaller organizations, device administration for BYOD companies might be altogether avoidable. In addition to making passwords a necessity, set up a two-factor authentication (2FA) service to protect data and services. Most apps and their respective platforms have their own built-in 2FA features, which is helpful, but it is better to use a service that protects multiple apps.
- Mind regulatory compliance. For any size of business, client confidentiality is a must. In addition, certain regulations (e.g., HIPAA, SOX) carry fines if you’re found to be in violation. Make sure to dig into the policies to which you’re subject, and from there, develop a best-practices guide for users to reference. If this works, that’s great. If not, consider using a cloud access security broker (CASB) when 2FA services offer too little but MDM solutions feel like overkill.
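The first four points above boil down to a device compliance policy: a current OS, no rooted or jailbroken hardware, a passcode, and 2FA enrollment wherever company apps are installed. The script below is an added example (not code from the article or from any MDM vendor) that evaluates a constructed BYOD device inventory against such a policy. The inventory fields, the `MIN_OS_VERSION` floors, and the `Device` record are assumptions standing in for whatever an MDM export or API would actually provide; the point is the version comparison and the per-device violation list you would use to decide who gets access to company apps.

```python
"""Evaluate a BYOD device inventory against a simple compliance policy:
OS up to date, no rooted/jailbroken devices, passcode set, and 2FA
enrollment for anyone with company apps installed.

Added example, not part of the original article. The inventory format and
the minimum OS versions are constructed assumptions; a real MDM would
supply this data from its own API or export."""

from dataclasses import dataclass
from typing import Dict, List, Tuple

# Hypothetical policy: lowest OS version the business still accepts.
# Values are illustrative, not vendor guidance.
MIN_OS_VERSION: Dict[str, str] = {
    "ios": "16.0",
    "android": "12",
}


@dataclass
class Device:
    device_id: str
    owner: str
    platform: str          # "ios" or "android"
    os_version: str        # e.g. "16.4.1"
    rooted: bool           # jailbroken (iOS) or rooted (Android)
    passcode_set: bool
    mfa_enrolled: bool     # user enrolled in the company 2FA service
    has_company_apps: bool


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn "16.4.1" into (16, 4, 1) so versions compare numerically,
    not lexically (as strings, "9" would sort above "10")."""
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_at_least(actual: str, minimum: str) -> bool:
    """True when `actual` meets or exceeds `minimum`."""
    a, m = parse_version(actual), parse_version(minimum)
    # Pad the shorter tuple so (12,) and (12, 0, 0) compare as equal.
    width = max(len(a), len(m))
    a += (0,) * (width - len(a))
    m += (0,) * (width - len(m))
    return a >= m


def evaluate(device: Device) -> List[str]:
    """Return the policy violations for one device (empty list = compliant)."""
    violations: List[str] = []
    minimum = MIN_OS_VERSION.get(device.platform)
    if minimum is None:
        violations.append(f"unknown platform {device.platform!r}")
    elif not version_at_least(device.os_version, minimum):
        violations.append(f"OS {device.os_version} below minimum {minimum}")
    if device.rooted:
        violations.append("device is rooted/jailbroken")
    if not device.passcode_set:
        violations.append("no device passcode")
    if device.has_company_apps and not device.mfa_enrolled:
        violations.append("company apps installed but user not enrolled in 2FA")
    return violations


def compliance_report(devices: List[Device]) -> Dict[str, List[str]]:
    """Map device_id -> violations for every non-compliant device."""
    return {d.device_id: v for d in devices if (v := evaluate(d))}


# Constructed sample inventory (not real data).
SAMPLE_DEVICES = [
    Device("dev-001", "alice", "ios", "17.2", False, True, True, True),
    Device("dev-002", "bob", "android", "9", False, True, False, True),
    Device("dev-003", "carol", "ios", "16.4.1", True, True, True, False),
    Device("dev-004", "dave", "android", "13", False, False, True, False),
]

if __name__ == "__main__":
    for device_id, problems in compliance_report(SAMPLE_DEVICES).items():
        print(device_id)
        for problem in problems:
            print("  -", problem)
```

Only devices with at least one violation appear in the report, so a clean inventory produces an empty dictionary. Devices that hold no company apps are not penalized for missing 2FA, which mirrors the article's advice that the personal side of a BYOD device should be left alone where possible.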