Security Risks and The Dangers of Stealth IT
A “do-it-yourself” sort of attitude can be a boon for companies—after all, who doesn’t want their employees empowered to do work and get things done? However, there is one area in which this sort of attitude has distinctly negative effects on your business: Stealth IT, sometimes known as Shadow IT.
Stealth IT often emerges when employees find the IT department too slow to respond to requests for cloud services, or too strict, though the strictness is often for good reasons. Because cloud environments are quick to create and configure, they become tempting solutions for “do-it-yourselfers” wanting to go around the IT department.
When employees go outside of IT to set up their own infrastructure, without organizational approval or oversight, corporate data and service continuity are put at risk. Common examples of Stealth IT include services like Google Drive, Dropbox, and external email providers, as well as other types of cloud services, such as cloud compute services, cloud databases, or website hosting. Sending data across these platforms without a security agreement in place (and often without any knowledge of the system’s existence within the business) can open the company up to compliance risks, not to mention potential security concerns if any of these services experience a breach.
Among the biggest risks of Stealth IT are:
- Hidden services providing crucial business functions. If critical files are stored on a system unknown to management or the organization, and the person managing that instance of Stealth IT leaves the company, data can be lost and outages can occur.
- Hidden costs. Small reimbursements often go unnoticed by the business at large, falling outside the cost range that accounting or procurement investigate. If these are being used to recoup an employee’s cost for their Shadow IT system, these costs can add up over time to a large unapproved expense—and if a reimbursement is missed, the hidden service may go down, which is especially dangerous if the system is an important one.
- Improper governance. No oversight typically means that proper security protocols and processes are not followed, opening the business up to unnecessary risk.
Protecting your business from Stealth IT is a tricky business. Simply restricting Stealth IT can only encourage more covert behaviors. A variety of techniques (network discovery, traffic monitoring) can be used to find it, but there are no guarantees of accuracy. Instead of restricting, if IT allows individuals to set up their own environments, IT could have full visibility and control of all environments by simply using a tool like BetterClouds. By allowing multiple accounts, “DIYers” can have the benefits of their own environments while still being seen and governed by IT management. BetterClouds allows multiple accounts to exist without the burden that usually comes with separately billing, managing and monitoring accounts. Through consolidation of these aspects of cloud management, our platform simplifies the whole process.
“While BetterClouds doesn’t stop Shadow IT, it reduces the barriers which encourage Shadow IT and gives management the oversight they are looking for,” says Drew Bixby, DoubleHorn’s Director of Product.
If you’re concerned about Stealth IT in your organization, or if you’ve identified unauthorized systems in use, perhaps it’s time to consider a better way to manage and monitor your cloud deployments. You can read more about BetterClouds on our website.