Remote working increases shadow IT risk

by Mark Rowe

Company data breaches regularly make the headlines, putting customers at risk and incurring reputational damage. Over the last year we have seen some of the highest-profile data breaches in history. Whilst these targets are all large, established companies, it’s important to remember that data breaches can affect businesses of all sizes – whether they are large, medium or small. Many businesses, unaware that they could become a target, fail to plan for a potential data breach – and when they are attacked, the results can be catastrophic. Fines into the millions, bans on data processing, reputational damage and loss of customer confidence and trust are just a few of the potential consequences, writes Richard Farrell, Chief Innovation Officer at the contact centre platform company Netcall.

With the majority of the global population having shifted to working from home over the last year and businesses having rapidly transitioned to remote operations, cybercriminals have pivoted and exploited the COVID-19 pandemic to carry out highly advanced cyberattacks. In fact, according to a global survey released by VMware Carbon Black, 91 per cent of enterprises reported an increase in cyberattacks with more employees working from home amid the coronavirus outbreak. This has led to increased pressure on IT teams – both internal and external – to keep on top of the latest technology developments and ensure that cybersecurity hygiene is as strong as possible.

In large organisations, IT functions are under pressure to provide accelerated business change, but the vast majority of budget and resources are dedicated to maintaining legacy hardware, and to managing the vital, back-office applications that businesses run on. This is where shadow IT – the use of IT-related hardware or software by a department or individual without the knowledge of the organisation – can sneak in. Shadow IT usually occurs where a department or individual is not willing to wait for an IT-sanctioned solution, and feels they can deliver something themselves more quickly and easily, or use quick workarounds under time and resource constraints. However, the use of unsanctioned solutions can inadvertently open new vectors for cybersecurity attack. It is therefore critical that IT has visibility to ensure this does not happen.

According to Snow Software’s ‘2021 IT Priorities Report’, 41% of workers said general access to technologies has improved, but IT leaders may overestimate the ease with which teams are able to procure applications, cloud resources, and software. As a result, this could provide an opening for shadow IT, with employees bringing in solutions to help modernise and improve productivity without considering potential risks and consequences. Shadow IT is becoming a huge problem for companies because remote working has caused massive growth in the number of uncontrolled bring-your-own-devices (BYOD) and cloud apps, which are typically owned and managed by non-technical staff. In addition, this opens new entry points to critical systems – access points which aren’t governed by corporate regulations or strong password guidance, and which cybercriminals can therefore exploit.

Bridging the gap between employees and IT

Whilst shadow IT can seemingly help to enhance efficiency, it also subjects users and organisations to heightened risks of data breaches and non-compliance issues. This is where low-code platforms can help, as they can be scaled up without the need to hire developers to meet demand, consequently reducing operational costs such as maintenance and support. In fact, the Forrester Wave™: Low-Code Development Platforms For AD&D Pros, Q1 2019 report highlights that digital businesses’ demand for the latest software is the biggest driver of low-code adoption.

Here, a low-code platform can help mitigate shadow IT by bridging the gap between business and IT. For organisations looking to put the power – safely – back into the hands of their employees, the platform makes it easy to build apps without needing specialist development expertise – but that have a ready-made understanding of the problems that need solving. These apps can help streamline internal processes and automate manual tasks, whilst adding value and driving developments from the very core of the organisation. It also helps reduce the risk of employees using unauthorised apps and tools to do their work, subsequently minimising potential security threats. Low-code providers secure their platforms on their ‘own’ clouds, which helps mitigate various security risks, particularly hacking techniques such as SQL injection and cross-site scripting. So, while business users can build apps, they do so under a ‘security umbrella’, provided by the platform and managed and controlled by IT. The platform itself must be secure and ensure the apps it supports are also secure, with full identity management capabilities and access control.

In addition, IT are provided with the tools they need to ensure new app development is done underneath the security umbrella. This is achieved by providing the correct policies to enable secure access and use of the apps being built. After all, one of the biggest causes of shadow IT is a lack of visibility. Put simply, in embracing low-code technology, businesses can build multiple apps while IT retains control of new systems and applications.

No room for error

Low-code technology, by its very nature, enables applications to be more secure when built. During development, users are prompted for required information, causing fewer entry mistakes compared to hand-coding apps directly. In addition, low-code platforms often include a validator that checks over an application and flags any areas that need addressing. The platform provides end-to-end security throughout the development lifecycle of the app, including development, testing and deployment.

At a time when cyberattacks are on the rise, providing businesses and employees with a range of easy-to-use and scalable tools will be pivotal as we head into 2021. The myth that low-code is only useful for simplistic apps has long since been dispelled. Enterprises need to better understand its power to create effective tools, as well as foster alignment between IT and business. Providing employees with more effective tools can help significantly reduce the security risk of shadow IT whilst increasing employee productivity. Now that businesses have adapted to everything 2020 threw at them, the importance of good cybersecurity hygiene cannot be ignored in 2021 and beyond.


© 2024 Professional Security Magazine. All rights reserved.
