From the course: The Cybersecurity Threat Landscape

Protect against shadow IT

- [Instructor] Shadow IT, as the name implies, can be challenging to both detect and prevent. In this video, I'll cover some specific actions you can take to reduce the likelihood and impact of shadow IT in your organization.

First, let's look at some fundamental controls for protecting against shadow IT. These are steps you should be taking anyway, but if you aren't, your exposure to the shadow IT threat increases a lot.

The first control you need to have is an IT asset inventory. If you don't have a current inventory of your sanctioned IT assets, you won't be able to identify shadow IT systems. Run an Nmap scan or use a similar tool to get a baseline of systems currently on your network. Review the results to make sure all systems you found are authorized and deal with any that aren't.

Next, make sure users know about correct IT deployment processes. It's hard to blame users who don't follow the system when they don't know what it is. Define a clear IT deployment process and write it down. Publish it in a place that's easy for users to find and heavily promote it.

Finally, implement and enforce strong security policies that prohibit unauthorized deployment of IT systems or solutions. Security policy should be approved by executive leadership and should clearly state what is allowed when it comes to IT deployments. That way, you'll have an answer when asked why shadow IT systems need to be removed.

There are also several technology controls that will help keep shadow IT from becoming a serious problem in your organization.

First is security monitoring. Security monitoring systems like a security information and event management system, or SIEM, can track all network activity and notify the IT or security team if an unauthorized system is added to the network. This may be an indication of shadow IT or another type of security incident.

Next, consider ways to implement network access control, or NAC. This is a technical security restriction that only allows authorized systems, such as those with enterprise-issued certificates, to join your network. With NAC in place, if a user attempts to add shadow IT systems to the network, they wouldn't be able to connect.

Finally, consider using a cloud access security broker, or CASB. CASB is a technology that sits between users and the cloud services they try to use. CASBs can enforce security controls on the use of software as a service, or SaaS, applications. They can also monitor your organization's network traffic to detect any cloud-based applications in use. You can use that information to detect shadow IT SaaS applications.

By implementing the fundamental and technology security controls I covered in this video, you should significantly reduce your exposure to the threat of shadow IT.
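The asset-inventory review described above (scan the network, then confirm every system found is authorized), as an added Python example that is not part of the original video. It parses Nmap XML output (`-oX`) and compares live hosts against a sanctioned inventory. The scan data, inventory entries and function names are constructed for illustration, and it assumes the inventory is keyed by MAC address where known (Nmap reports MACs only for hosts on the scanner's own network segment) and by IP otherwise.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sn -oX` output, trimmed to the elements used here.
SAMPLE_SCAN_XML = """<nmaprun scanner="nmap">
  <host><status state="up"/>
    <address addr="10.0.5.10" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:10" addrtype="mac" vendor="Dell"/>
    <hostnames><hostname name="fs01.corp.example" type="PTR"/></hostnames></host>
  <host><status state="up"/>
    <address addr="10.0.5.77" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:77" addrtype="mac"/></host>
  <host><status state="down"/><address addr="10.0.5.99" addrtype="ipv4"/></host>
  <host><status state="up"/><address addr="10.0.5.20" addrtype="ipv4"/></host>
</nmaprun>"""

# Constructed sanctioned inventory: MAC (preferred key) or static IP -> asset.
INVENTORY = {
    "00:11:22:33:44:10": "IT Ops file server",
    "10.0.5.20": "IT Ops printer (known by static IP only)",
    "00:11:22:33:44:30": "Finance laptop (sanctioned, not in this scan)",
}

def parse_live_hosts(xml_text):
    """Return one dict per host that Nmap reported as up."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip hosts that did not respond
        addrs = {a.get("addrtype"): a.get("addr") for a in host.findall("address")}
        name = host.find("hostnames/hostname")
        mac = (addrs.get("mac") or "").upper() or None
        hosts.append({"ip": addrs.get("ipv4"), "mac": mac,
                      "name": name.get("name") if name is not None else None})
    return hosts

def compare_to_inventory(hosts, inventory):
    """Return (hosts not in the inventory, inventory keys not seen in the scan)."""
    known = {k.upper() for k in inventory}
    seen, unauthorized = set(), []
    for h in hosts:
        keys = {k.upper() for k in (h["mac"], h["ip"]) if k}
        match = keys & known
        if match:
            seen |= match
        else:
            unauthorized.append(h)  # candidate shadow IT: review and follow up
    return unauthorized, sorted(known - seen)
```

Inventory entries that were not seen in the scan are worth reviewing as well, since they may be offline, moved to another segment or retired without the inventory being updated.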
