top of page
Search
Neil Gomes

CISO’s – shine light on Shadow & Stealth IT!

Updated: Apr 15, 2021

Shadow IT poses a risk to the Enterprise. Because it is built outside of the IT departments control or even knowledge (often paid for on a credit card), it puts Enterprise data is at risk – the risk of the unknown.


LOBs using Self-Service will see signing up for a public cloud service and storing data on it as a forward-thinking initiative. This can accelerate progress on their internal application project by circumventing restrictive IT policies and provide a better end-user experience; however, what is overlooked is the possible consequence of these actions.

A lot is being asked of IT these days, none more so than of those sat in the CISO's seat; given GDPR, ISO27001 and other compliance-centric frameworks, how you secure your data has never been so important.


Many Enterprises will continue to throw time, people and money at the latest security application that promises to protect their data, without a second thought on Shadow IT. Shadow IT remains little-understood and often not considered.


Shadow IT, also known as Stealth IT or Client IT, are Information technology (IT) systems built and used within organizations without explicit organizational approval, for example, systems specified and deployed by departments other than the IT department.


One possible consequence is that servers or workstations (within these shadow environments) are left running, often with auto-scaling for optimal performance. A rather large and unexpected bill can soon appear in your inbox.

The other, more worrying possibility is that these systems go unprotected. As the IT department don't know they exist, so cannot include them in their protection policies and cannot protect them behind whatever variation of hardware/software they have invested in. This leaves the systems, and more crucially the data vulnerable to theft and misuse often having its own financial penalty, which can be almost limitless!

There is a solution to Shadow IT, and it does not require a massive upfront investment, it can discover your infrastructure in a rapid, agent-less process, and allow you to deliver the same services in a controlled and protected environment, because now you know it exists! You can keep your existing security infrastructure and now use it to secure those assets previously un-seen and unprotected.


Not only can ClearSky Cloud show you this, but we can work with you to manage your public and private cloud platforms from a single pane of glass, both your existing instances and future ones! The Cloud Management Platform provides automated discovery on provision and can inject further automation; agent installation, threshold controls and an integrated approval mechanism to stop new servers etc being provisioned with no acceptance or knowledge from those with authority and ownership.


Talk to us about a Cloud Audit and take advantage of a 30-day free trial – who knows what security holes we can help you cover and how much money we can help you save?

Well OK – generally we see up to a 30% savings in Public Cloud OpEx – so the security benefits are effectively free!


8 views0 comments

Recent Posts

See All

Comments


bottom of page