Resource Credit | AccountingWEB
In his first column for AccountingWEB, cybersecurity expert Adam Harling looks at ‘Rogue IT’, and how your business could be at risk without you even realizing it.
Simply put “Rogue IT” is the use of unauthorized technology in an organization. In days gone by this was usually quite simple and often innocuous.
For example, your creatives storing images and assets on a portable hard disk they privately purchased, a team sharing files on local PCs to bypass all the security requirements imposed by IT to create a share on a server, or in extreme cases perhaps a network-attached storage device connected and storing the files for a department with a tech-savvy team member.
While these actions were not ideal and often had all sorts of backup and security implications, they were at least physical, easy to detect and behind the perimeter firewall. Enter the tech-savvy workforce and the death of physical media.
With a large scale adoption of cloud file sharing, and just about everyone in the workspace now not only comfortable with adopting new technology, but also often keen to work quickly and fully aware that they can achieve the result they need by simply bypassing IT approval, we have a real problem.
Once your IT team loses control of the location of data, they lose the ability to secure it, the ability to back it up and monitor it.
The most common way we see data leaking is via unsanctioned and unmonitored cloud file-sharing platforms. It’s not the choice od the platform that’s the issue, it’s that if it is used to store data, it needs to be managed.
A worked example might start out innocently enough. Our keen team member needs to work on the Q3 forecast from home, the files get transferred to a personal cloud storage account, so the file can be opened from the home PC – and there we have it, in that simple innocent action your data is in the wind and at risk.
- Should that account be breached, your IT team have no control over the passwords or security policies in place on this account
- Should that employee leave the organization, your IT team have no way of removing access to that data
- Should the file contain critical data and be lost or corrupted, you likely have no route to a backup
- The file could be shared with anyone and everyone, inside or outside your organization, even your competition. Your IT team will have zero visibility
What can we do about this issue? Thankfully there are some technologies available that can help, often called “DLP” or Data Loss Prevention.
This technology allows alerts or restrictions on the movement of the data. It can detect sensitive information and prevent it leaving from leaving a network or storage platform.
DLP technology can be found in many modern “UTM” firewalls such as the WatchGuard M series, configured correctly they can be a great aid in keeping your data inside the network.
Microsoft also offers DLP features as part of the Microsoft 365 platform, this can be an involved project to implement but offers probably the most complete technology solution.
As always we need to look at people and process. Make sanctioned tools available to your team. If remote working is required, have a policy and toolset in place before your users “go rogue” and circumvent your IT.
Make it easy for your users to request tools from your IT team, try and remove barriers for adopting new technologies, and should a tool not be sanctioned, ensure your users know why.
Have a robust personal device policy in place, and if you choose to adopt “BYOD” (Bring Your Own Device), ensure you take advantage of MAM (Mobile Application Management) that allows sandboxed access to company data on personally owned devices.
So have you got a rogue? Is your data out of your network and out of control? Contact us to discuss Microsoft 365 solutions to make sure your company data is stored correctly and securely. Contact us on firstname.lastname@example.org or +27 (21) 205 3650.