Learn what Shadow IT is, common forms it takes, why it matters, and how to prevent shadow IT in your organization.
Read the full article: https://jumpcloud.com/blog/shadow-it
The Ins and Outs of Shadow IT: An Overview for MSPs: https://jumpcloud.com/resources/shado...
Learn more about JumpCloud: https://jumpcloud.com/
Learn more about JumpCloud Device Management: https://jumpcloud.com/platform/cloud-...
Try JumpCloud for free: https://jumpcloud.com/signup
Resources and social media:
-Community: https://community.jumpcloud.com/
-Blog: https://jumpcloud.com/blog
-Facebook: / jumpcloud.daas
-Twitter: / jumpcloud
-LinkedIn: / jumpcloud
#jumpcloud #informationtechnology #devicemanagement #mobiledevicemanagement
Transcript:
In this video, we'll cover what shadow IT is, common examples of shadow IT, why it's dangerous, and ways to address it in your organization. Shadow IT is any unknown or unapproved IT in an organization, usually initiated by a non-IT employee. An organization's IT department typically vets, approves and provisions tools to users and then prescribes how users can use those tools. IT that falls outside of this guidance is considered shadow IT.
Some of the most common examples of shadow IT include accounts created without IT's knowledge or approval, tools or resources that IT hasn't vetted or approved, personal devices that don't follow bring your own device, or BYOD guidelines, integrations or configurations the IT hasn't prescribed or approved. In most cases, employees and departments don't realize they're doing anything wrong. They're just looking for a better way to do their jobs and don't realize it should be involved. But shadow IT is dangerous.
First of all, shadow resources haven't been vetted by IT, so there's no way of knowing whether they meet your company's security standards. Secondly, as users create unmanaged accounts with shadow resources, their identities multiply and diverge. This works against any formal identity and access management program your company has in place. Additionally, IT doesn't have any control over shadow resources. Users aren't bound by any controls, regulations, or usage guidelines, and there's no way to hold their actions accountable to basic security practices. To make matters worse, IT can't really intervene if shadow resources cause a problem. In fact, they probably won't even know when problems happen. Shadow resources are unmonitored, untracked and unsecured, and this is a massive security risk.
So what can you do about shadow IT? First, communicate. Train employees on what shadow IT is and why they must go through IT for new tools and processes. Second, make communicating with IT easy for employees. Make sure everyone knows how to submit help desk tickets, request tools or features and leave feedback, and make sure your IT team follows up promptly on these communications. If employees feel their requests are ignored, they're more likely to take matters into their own hands. Third, make the user experience a priority. Employees turn to shadow IT when their current tools aren't working for them. To prevent this from happening, listen to what employees need and keep processes as simple and straightforward as possible, making it easy for employees to access their tools, use their preferred devices and operating systems and keep track of their accounts.
Finally, if your team does come across shadow IT that seems to serve its purpose well and meet your company's security requirements, consider formally adopting it. Identify which accounts already exist within the tool and roll them into an identity access manager or directory platform like JumpCloud to ensure identities are unified, secured, and tracked. Want to learn more about other ways JumpCloud can empower it? Check out the links in the description.
Информация по комментариям в разработке