Sign up to save your podcasts
Or
Share Tech Talk Roundtable 07-05 | Shadow IT
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Tech Talk Roundtable 07-05 | Shadow IT
Description
Picture this: it’s the middle of the night and you are thinking about how to make tomorrow’s lesson more engaging. You turn to the internet and search through endless lesson ideas and you find that perfect gem, that perfect idea. All you need to do is download a new application that can be downloaded from the internet or the App store. You download it and start using it with your kids. Kids have to go in and create an account. It took two minutes because they used their Google or Office365 authentication credentials and they are off and running. Awesome, right? Well … today’s episode is all about all those little apps, software downloads and hardware that make your IT department’s blood pressure rise. It is called Shadow IT.
Lessons Learned
Dennis - I will make the world’s worst Secret Santa
Daniel - VLC for Mobile is awesome - Share video files over IP address and create playlists.
Chris - Recording feedback is faster than writing feedback, and the kids actually listen!
Fun Fact
A standard “trick” used by telephone tech support people in the 1990’s was to tell you to defrag your hard drive. This gave them up to an hour of time to stall until they could come up with an actual solution to your problem.
Notes & Links
Shadow IT is the term for hardware, software and applications acquired by an organization’s users without going through the IT department. Gartner Research says 40% of all IT spending at a company occurs outside the IT department.
* Make Sure to Vet Educational Apps
* Teachers don’t think they can get the apps they need through official channels in a timely manner.
* Strategy: districts can perform their own vetting of in-demand applications. This can be as simple as ensuring the apps come from a reputable source and offer reasonable security and privacy protections for user data.
* Educate Users on Shadow IT Risks
* An attacker could create a fake application or add hidden, malicious functionality to a good application. When users install the app, they inadvertently install malware on their device. Now the attacker has full access to the users’ data and devices, and can use that access to attack and compromise other district systems.
* It’s hard to get buy-in on security and privacy risks
* There’s no way the district can be responsible for supporting every product and service people find on their own,
* Enforce Network Access Restrictions
* One option is to configure network security technologies to prevent the use of selected shadow IT cloud-based services.
* Solution: It’s also possible to restrict local apps on devices issued by the school district. For example, mobile devices can be set up to download software only from app stores the district has approved.
* Use Security Controls to Monitor for Threats
* Monitor web traffic, email and other forms of communication to stop users from accessing malicious websites, domains and other internet-based resources.
Implications
Besides security risks, some of the implications of Shadow IT are:
* Wasted time Shadow IT adds hidden costs to organizations, consisting largely of non-IT workers in finance, marketing, HR, etc, who spend a significant amount of time discussing and re-checking the validity of certain data, setting up and managing systems and software without experience.
* Inconsistent business logic If a ‘shadow IT’ spreadsheet application encapsulates its own definitions and calculations, it is likely that over time inconsistencies will arise from the accumulation of small differences from one version to another and from one group to another, as spreadsheets are often copied and modified. In addition, many errors that occur from either lack of understanding of the concepts or incorrect use of the spreadsheet frequently go undetected due to a lack of rigorous testing and version control.
View all episodes
By Concordia International School ShanghaiDescription
Picture this: it’s the middle of the night and you are thinking about how to make tomorrow’s lesson more engaging. You turn to the internet and search through endless lesson ideas and you find that perfect gem, that perfect idea. All you need to do is download a new application that can be downloaded from the internet or the App store. You download it and start using it with your kids. Kids have to go in and create an account. It took two minutes because they used their Google or Office365 authentication credentials and they are off and running. Awesome, right? Well … today’s episode is all about all those little apps, software downloads and hardware that make your IT department’s blood pressure rise. It is called Shadow IT.
Lessons Learned
Dennis - I will make the world’s worst Secret Santa
Daniel - VLC for Mobile is awesome - Share video files over IP address and create playlists.
Chris - Recording feedback is faster than writing feedback, and the kids actually listen!
Fun Fact
A standard “trick” used by telephone tech support people in the 1990’s was to tell you to defrag your hard drive. This gave them up to an hour of time to stall until they could come up with an actual solution to your problem.
Notes & Links
Shadow IT is the term for hardware, software and applications acquired by an organization’s users without going through the IT department. Gartner Research says 40% of all IT spending at a company occurs outside the IT department.
* Make Sure to Vet Educational Apps
* Teachers don’t think they can get the apps they need through official channels in a timely manner.
* Strategy: districts can perform their own vetting of in-demand applications. This can be as simple as ensuring the apps come from a reputable source and offer reasonable security and privacy protections for user data.
* Educate Users on Shadow IT Risks
* An attacker could create a fake application or add hidden, malicious functionality to a good application. When users install the app, they inadvertently install malware on their device. Now the attacker has full access to the users’ data and devices, and can use that access to attack and compromise other district systems.
* It’s hard to get buy-in on security and privacy risks
* There’s no way the district can be responsible for supporting every product and service people find on their own,
* Enforce Network Access Restrictions
* One option is to configure network security technologies to prevent the use of selected shadow IT cloud-based services.
* Solution: It’s also possible to restrict local apps on devices issued by the school district. For example, mobile devices can be set up to download software only from app stores the district has approved.
* Use Security Controls to Monitor for Threats
* Monitor web traffic, email and other forms of communication to stop users from accessing malicious websites, domains and other internet-based resources.
Implications
Besides security risks, some of the implications of Shadow IT are:
* Wasted time Shadow IT adds hidden costs to organizations, consisting largely of non-IT workers in finance, marketing, HR, etc, who spend a significant amount of time discussing and re-checking the validity of certain data, setting up and managing systems and software without experience.
* Inconsistent business logic If a ‘shadow IT’ spreadsheet application encapsulates its own definitions and calculations, it is likely that over time inconsistencies will arise from the accumulation of small differences from one version to another and from one group to another, as spreadsheets are often copied and modified. In addition, many errors that occur from either lack of understanding of the concepts or incorrect use of the spreadsheet frequently go undetected due to a lack of rigorous testing and version control.