In the era of hybrid work, which requires flexibility, agility and accessibility, CIOs are called upon to take on new scenarios despite the trend towards Shadow IT.
The world suddenly shifted to working from home when the pandemic hit. Within weeks, companies deployed digital tools and technologies to facilitate remote work everywhere. This accessibility has been further expanded to allow employees to work from any device, often combining company devices and their own devices to perform their day-to-day tasks.
These technologies, which aim to guarantee accessibility and simplicity to employees, still present some challenges for IT teams, who must ensure that they have a robust security framework that covers a wide range. of private and professional terminals and the many programs and applications used. of employees. To complicate matters, an increasing number of applications are moving to the cloud and workloads are increasingly distributed between public clouds and SaaS software.
This makes it difficult to secure and manage complex environments, especially when expertise is required to manage the complexities faced by IT teams today. Therefore, it is important for companies to address the lack of knowledge of their workers in terms of cybersecurity and to manage digital acceleration by investing in cybersecurity to strengthen their organization’s IT security.
The rise of Shadow IT
The proliferation of shadow IT, which is the unauthorized use of systems, devices and software, has increased sharply with the transition to remote working. IT managers are increasingly concerned about information security, due to employees ’use of Shadow IT. In fact, the number of employees installing unauthorized software has increased since the pandemic began.
Shadow IT is a problem because it exposes organizations to data exfiltration, malware etc. This technique can allow hackers to steal employee and customer identities, as well as confidential company data. companies, fail compliance audits or lead companies to violate the law. When employees do everything to avoid the IT department, Shadow is difficult to prevent, manage and control. With hybrid working and the increasing use of private, unmanaged devices that are easily exploited by cybercriminals, data is at greater risk than ever before.
How to combat this problem?
Companies must rethink their security strategy and make sure their employees can access applications securely, anywhere, anytime and from any device.
Employees tend to use Shadow IT when they feel that their work tools are not fast enough, not accurate enough or too complex. When an application is too slow, it is not difficult to bypass common processes and subscribe to a cloud-based service, without involving IT departments.
Company-managed endpoints typically provide maximum security for remote access because IT teams have more control over the process. Moreover, if employees have attractive applications, data and services, they will not be tempted to use Shadow IT. IT teams will regain control and reduce complexity while improving security. However, the experience of the employees is important.
A managed virtual workspace provided by IT teams can create an effective protective bubble to ensure centralized management and security of corporate data and applications without degrading the employee experience.
This way, employees only have access to business -critical data through company -authorized virtual desktops and applications. This approach enables the development of the Zero Trust security framework, since security controls require verification separately by location and device. The Zero Trust model is easier to manage, and more importantly, it significantly reduces the possibilities of using Shadow IT.
For example, Desktop-as-a-Service (DaaS) allows authorized employees to simply and securely access all of their applications through virtual desktops. This solution not only authenticates the user when logging into the virtual workspace, but also monitors user, application and network behavior to ensure the security of business data, wherever work is performed.
Communication is important
A large portion of employees are not fully aware of the seriousness of the cyber risks associated with teleworking. However, IT managers can implement a few simple steps to reduce the risks associated with Shadow IT.
The first step is to inform employees of the risks and issues. Often the most productive employees buy and use Shadow IT to speed up their work. If they knew the serious risks posed by unauthorized technologies and the consequences of their use on their reputation, their privacy and their business, they would likely be hesitant.
Next, make sure teams know the latest training and security measures, understand best practices outside the office, and make sure security patches and updates are installed on their devices before proceeding. leave. IT teams are responsible for teaching employees how to spot invitation scams, phishing attempts and many other forms of online scams in their day-to-day work.
Finally, IT managers should encourage employees to come forward and seek help if they want to complete tasks using their personal devices or through apps not managed by the company. IT teams will be notified and alerted in case of suspicious activity. Effectively communicating risks to all employees in the company and providing them with practical advice to avoid risks will reduce the security burden of IT teams.
Listening to employees
Today, users want technologies that are simple, intuitive and easy to use. However, the increase in hybrid working and the increasing use of different devices have extended the attack surfaces. By deploying a smooth and secure digital work environment, companies can simplify work and allow employees to use the devices of their choice, while reducing the lure of shadow IT and the risks associated with unauthorized technologies.
By Serge NiangoHead of Sales Engineering at Citrix France
“Hybridization is the‘ core ’topic of Citrix’s business. »
Telecommuting: IT security is being tested by new information challenges in the cloud.
Micro-Apps, business productivity levers.
Hybrid work: 69% of employees want to choose their workplace.
68% of malware comes from the cloud and shadow IT
How to avoid Shadow IT risks
When DevOps is cast in the shadow IT