How Is Your Company Addressing Rogue IT?

03 March, 2015

According to TechTarget, "Rogue IT" is the use of unsanctioned information technology resources within an organization.  Is your company heading down the slippery slope of rogue IT?  Are your employees downloading unauthorized apps on personal devices or using Dropbox, Google Docs, or other SaaS platforms that can lead to document leakages, lost business and financial penalties?

When employees begin relying on their personal smartphones and cloud apps to get “anywhere, anytime” access to company systems and data, they no longer see the need for the IT middleman. It’s known as “Shadow IT” and it’s definitely a problem in today’s enterprise. Enterprise IT vendor recently ran a competition to highlight the problem. They asked participants to provide the best (or worst, depending on your perspective) example of rogue IT gone wrong. Here are the winners:

First Place

First place in the “Rogue Hall of Shame” goes to a new MacBook owner who, frustrated by the lack of Wi-Fi in his office, invested in a wireless router. The router was so simple to set up, not even requiring configuration of wireless or security settings! All was fine, until a few days later when this executive noticed his internet was running slower than usual. Thinking it was just his ISP, he ignored it, but after a few days with no improvement he called in a security expert to assess the situation. The expert discovered that someone was sitting in on the local network and had captured, or “sniffed,” all of the wireless traffic from the portable router, including all the passwords to the company’s accounting and file server, which were being sent to a server in Asia. There was no trail, and to this day our executive isn’t sure what was taken or by whom. “Users want to work in their own ways, including the CEO,” advises judge Nick McQuire, CEO at The Global Enterprise Mobility Alliance (GEMA). “Something as harmless as wanting to work wirelessly in the office via a single Wi-Fi router can have drastic repercussions.”

Second Place

Second place goes to two doctors, who left their positions with a hospital, yet continued to book their travel and vacation plans through the hospital’s travel service. This rogue behavior was made possible because the hospital had recently switched their apps to the cloud and had moved all personal information management systems to Google Apps. While their Google credentials were shut down, Active Directory didn’t have any policies to de-provision the other applications. It took two or three quarters before the CFO discovered the departing doctors’ rogue purchases.

Third Place

Third place is awarded to the security team of a large nonprofit that anonymously called up Dropbox to investigate recent hackings and rumors of rogue IT use. The team was alarmed to discover that Dropbox had a list of 1,600 user names and email addresses of rogue IT users within the large nonprofit.

The Rogue Hall of Fame competition raises some real issues. It’s becoming increasingly difficult for IT to do their jobs and at the same time provide the flexibility and agility so employees can do theirs. Moreover, IT’s concerns that business users are blindly walking into potentially damaging situations seem to be borne out in the experience of many corporations.

It certainly seems to highlight the need for open and honest dialog. IT needs to continue to broadly assess security and compliance issues and the real risks of new technology solutions and employee workarounds. At the same time, business users need to better understand the drivers for IT decisions and respect that those decisions are made for very good reasons. Only when these two worlds work together can organizations both avoid the costly losses caused by unauthorized IT use and deliver compelling solutions to employees that allow them to do their jobs more productively.

Rogue IT is readily available, and it represents an insanely easy solution for employees who don’t always consider the consequences. As a result, rogue behavior is costing US organizations $2B a year to clean up (according to a recent survey of 500 businesses conducted by uSamp - United Sampling).

If your organization is not providing secure, timely alternatives that are as simple to use as what business consumers can find elsewhere, you are at a serious risk of rogue IT. 
