Saturday, 17 October 2015

[Shadow IT Research] Shadow IT: A view from behind the curtain

1. What type of Shadow IT software is used in organisations?
2. What are the IT risks for organisational information security when using Shadow IT software?
3. Does the IT risk increase when using open-source Shadow IT software? (Yes)
4. What is the motivation to use Shadow IT?

The study used a triangulation approach [the idea is that one can be more confident in a result if different methods lead to the same result] to investigate the Shadow IT phenomenon, and its findings open Pandora's box, as they paint a new picture of what Shadow IT looks like from the software perspective.

Risks brought by Shadow IT: information security (most significant), compliance issues, wasted time, inconsistent business logic, increased risk of data loss or leaks, wasted investment, etc.

Research Methods:

  • 1. In-depth analysis of organisational Shadow IT software at a Fortune 500 firm that has over 10,000 employees. Data was collected from the firm's endpoints: each endpoint (PC, laptop, etc.) was scanned and all installed software was retrieved.
  • 2. Four practitioner surveys found online.
  • 3. Case study
  • 4. Literature review

Findings:

The report argues that employees are much more tech savvy than they were a decade ago. This also means that employees will have no issue bypassing IT departments. => "educate them better on [the] risks that their acts may have" => raise awareness rather than provide policies that no one reads.

  • 1) Risks behind Shadow IT use are high; 
  • 2) Data integrity and account information represent the biggest threats; 
  • 3) Employees are aware of the possible risks when using Shadow IT; 
  • 4) IT policies are either non-existent or unclear to employees; and 
  • 5) Employees, despite their knowledge about the risk, continue their behaviours.

1. What type of Shadow IT software is used in organisations?

1) productivity software (e.g. Google apps),
2) communication software (e.g. Skype),
3) utility tools (e.g. CCleaner or 7-Zip),
4) internet browsers (e.g. Firefox), and
5) PDF tools (e.g. PDFCreator)
6) Greynet: network applications installed by end users that use evasive techniques to traverse the network.

4. What is the motivation to use Shadow IT?
Employees extensively use Shadow IT software that leverages their productivity and enables faster and better collaboration and communication. Moreover, employees believe that they are not doing anything wrong, and simple naivety is driving their behaviour.

Restriction is a valid countermeasure, but not a solution, to Shadow IT challenges that can become opportunities for the entire organisational ecosystem.

Comments:

Define Shadow IT: software, hardware, other solution
Approach: user-driven
How: not mentioned

=> good article to have some background understanding of Shadow IT

Bibliography:

Silic, Mario, and Andrea Back. "Shadow IT–A view from behind the curtain." Computers & Security 45 (2014): 274-283.
