Make the most of shadow IT with Atlassian

Achieving mutual trust between a security team and its constituents while balancing rules and culture is critical when trying to deal with the shadow IT phenomenon, says Liam Hausmann for Atlassian.

Shadow IT, of course, is technology that has sneaked into the organisation without administrative oversight. In some companies, most of the cloud-type applications in use can be “shadow” in this sense, and therefore risky, with many attacks predicted to be via shadow IT.

Yet people use shadow IT because it can offer them some way of working or feature that the company-approved tech does not. Often, it relates directly to increased productivity.

“Managing the benefits and risks of shadow IT comes down to two balancing acts: balancing rules with culture, and balancing security with flexibility,” Hausmann explains.

“Reaping the benefits of these balancing acts is only possible through mutual trust between the security team and its constituents.”

This doesn’t mean abandoning rule-making, but simply being “more selective” about the rules and how they are followed. Hard and fast policies, adds Hausmann, often just don’t work, and increase the distrust between security teams and grassroots workers.

Protect the company’s most sensitive data and locations, he says.

“At the same time, cultivate a culture of collective responsibility within the rest of the organization, so every individual in the company understands their role in security. This starts with providing transparency into the security posture of the company, and engaging with other departments to create a shared understanding of the needs of the business,” Hausmann continues.

The Atlassian blog goes on to explain the role of balancing security against flexibility when it comes to combatting cloud software threats.

“Most conversations around shadow IT fail to acknowledge a critical point: that IT team may not even be ready or equipped to bring the full array of shadow IT tools used by the organization under administration,” adds Bill Marriott for Atlassian.

“This is where a strategy that includes a measure of flexibility comes in handy.”

This can allow the IT team to stay focused on its strategic priorities rather than managing the tools of its constituents. Start by developing an understanding of the landscape.

“Map out both your administered IT and as much of your shadow IT as you can find, and the data your company touches, both sensitive and non-sensitive,” writes Marriott. “Next, identify your risks and priorities. Within that landscape, what systems are important enough that they absolutely need to be centrally administered?”

Marriott goes on to explain that the correct focus should then be possible. Deciding on the company’s priorities will allow the security team to map out a plan for newly added or discovered tools or data, including whether they require centralised administration. In addition, communicate these priorities and strategy across the organisation, he concludes, which also builds trust across and between teams.

Atlassian discusses the subject in more depth here.
