Octagon Technology and 365R deals with Shadow IT

Shadow IT is a term that refers to the use of un-authorised or unknown hardware and software in an organisation. Often the board through the IT Department has written a policy for for what can and cannot be used in an organisation for processing their information but when someone finds a new “whizzy” bit of tech that helps them work faster or simplifies a task, people are tempted to use it – and when one starts it often cascades.

Companies who have these types of policies will also have a procedure to request a change in these policies and to start using a new piece of software or hardware but these processes, which have to include “due diligence” take time – and human nature is such that they want “whizzy” today not in Q3!

Here you can hear the voice of experience who has had to manage and sort these types of situations many times. We had dealt with this at a variety of clients over the years but things really started to accelerate when Dropbox was launched. It seemed suddenly overnight business owners, board of directors and managers in many of our clients had lost control of their information as everyone was using Drobox. Even today Dropbox is a regular “offender” when it comes to the unauthorised sharing of information.

At Octagon, their new 365R was designed to help control compliance and change across organisations large and small. In conjuction with this at Smart Thinking we have policies and procedures and incident response plans to help manage and eliminate Shadow IT

The reason I ended up talking about this subject today is that the SANS Internet Storm diary has an article showing bad actors exploiting uncontrolled shadow IT in an organisation.

Shadow IT Makes People More Vulnerable to Phishing (sans.edu)

Clive Catton MSc (Cyber Security) – by-line and other articles