The threat of Shadow IT is not new. But, amid remote work environments, various unapproved high-risk applications and unsanctioned devices can pose a massive risk to the corporate infrastructure, writes TetherView CEO and founder Michael Abboud.Â
In the first weeks of the pandemic, businesses worldwide scrambled to get their employees up and running remotely. For many IT departments and CIO’s, this dynamic shift to remote work was a dramatic wake-up call for businesses that were not yet in the cloud.Â
Seemingly overnight, COVID-19 forced IT departments and CIOs to adopt new technologies to address their new remote workforce’s functional needs. The forced acceptance of BYOD, SaaS-based browser solutions, and a new generation of communications tools left IT departments playing catch up with their employees. This has created a huge potential threat to businesses, in the form of Shadow IT: applications and devices, largely SaaS, that employees set up and use without IT permission or Corporate controls.Â
The threat of Shadow IT is more than just employees improperly using their personal cloud – it extends throughout the entire IT infrastructure. From browser-based plugins to unsecured devices, Shadow IT represents one of the biggest potential vulnerabilities in IT today. It is my belief that the data breaches that will occur in 2021 as a result of these practices have the potential to fundamentally change how CIOs and IT departments approach enterprise security.
Learn More: Physical Device Security Is Vital in the Remote Work Era
Insecure Devices Carry Huge RisksÂ
According to a 2020 study by CyberarkOpens a new window , 77% of remote employees use unmanaged, insecure BYOD devices to access corporate systems. With the global public cloud infrastructure market expected to grow to over $120 billion dollars in 2021Opens a new window , BYOD devices’ prevalence amongst remote employees is set to increase dramatically.Â
Many businesses today have the misconception that SaaS and browser-based solutions are safe. However, in a world where employees are often accessing these services through insecure and potentially malware-laden devices, this reasoning goes out the window. The widespread use of browser extensions, emerging SaaS vulnerabilities, and unsecured home networks are just a few of the new factors that CIOs and IT departments must address.Â
A report last week by WanderaOpens a new window highlights the growing prevalence of insecure remote devices within the enterprise ecosystem. In 2020, 52% of organizations surveyed experienced a malware incident on a remote device, a 15% increase from 2019. Perhaps even more alarmingly, 37% of employees reported using these compromised devices to access corporate emails, and 11% used these compromised devices while accessing their work cloud storage solutions.
Learn More: How to Fast-Track Insights Without Sacrificing Data Privacy or Security
Employees Inadvertently Expose Private Company Data
For many employees, the transition from office to working fully remote has been a largely unguided experience. In June, IBM Security’s work from the home studyOpens a new window found that over half of employees surveyed had not been given any new security policies to work from home securely. Increasingly, cybersecurity risks related to insiders are more common than external threat actors.Â
Findings from the 2020 Netwrix Cyber Threats ReportOpens a new window reveal that the top three most common cybersecurity incidents reported by businesses in 2020 were the direct result of involuntary data sharing by internal employees. Accidental mistakes by admins (suffered by 27% of respondents), accidental improper sharing of data by employees (26%), and misconfiguration of cloud services (16%) represent the top three causes of data breaches.Â
Perhaps most alarmingly, the same study reveals that of the organizations surveyed, more than half (54%) admitted that they do not review user access rights to data regularly. This security blind spot poses an incredible risk for businesses and showcases the important role that IT teams must play in limiting who, what, where, and when corporate data is being accessed.Â
Reconceptualizing IT Infrastructure for the Remote Workforce of Today
Addressing the many threats posed by Shadow IT will require a significant infrastructural overhaul to existing IT departments and clear leadership from CIO’s. We must empower employees by providing them with the critical tools and training they need to stay safe while working remotely. IT departments need to develop and follow key protocols for managing and tracking sensitive corporate data. Until Shadow IT is taken seriously, our very corporate infrastructure is at risk.
Let us know if you liked this article or tell us on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!