IT Security - Nov 11, 2019

Follow these 7 tips to give shadow IT no chance in your company.

WhatsApp as the internal communications platform, Facebook and LinkedIn as the intranet, and the prominent executive profile for the MD’s iPhone—the sad reality of shadow IT in many companies. Keep reading to find out the reasons for this parallel world and what you can do to prevent it.

Shadow IT mostly comes about through a combination of various factors. One main reason is always the attempt to protect companies, data, and information by blocks and limitations. These traditional approaches to IT security are in conflict with current workers’ needs. Influenced by their private environment and competitiveness, employees are used to working anywhere, from any device, and at any time with access to their data. Modern collaboration models and compliance with the GDPR are additional requirements. On the flip side, there is corporate IT security which tries to regulate access to corporate information by limiting access to networks, device functionality, communication platforms, and data storage.


The result: Employees sacrifice enterprise security in order to be able to do their jobs. Ironically, this type of IT security leads to exactly the situation that it attempts to prevent. This can only be resolved by not restricting workers while ensuring that the protection level of data is not negatively influenced.


This seemingly large challenge can be mastered by having a rethink and using modern IT security tools combined with the cloud. Below, I’ll describe some measures that can significantly boost the level of security without limiting employees productivity.


Access from any device, any place, and at any time.

Don’t block access to your enterprise tools and don’t limit the functionality of your managed devices. Use modern device management from the cloud (such as Microsoft Intune), to manage both Windows 10 devices and smartphones running iOS or Android, wherever they are in the world. New and classic technologies like Windows Autopilot, Apple DEP and Android for Work provide you with monitoring options and let you manage your devices centrally.


Needs-based protection.

Don’t limit access to company data across the board, but make access dependant on situations and needs. The Conditional Access of the Azure Active Directory, can, for example, prevent access to corporate data based on location, device condition, user behaviour, and other characteristics and automates additional protection measures. If an employee wants to access company data from outside of the network, they will need to successfully complete a two-factor login, for example. Access from iPhones with Jailbreak or an outdated version of iOS can be blocked as standard.


Two-factor authentication.

Be sure to activate two-factor authentication as a rule. This is one of the easiest tools to significantly boost data protection. Equally, you can also roll out the Azure Active Directory across your entire enterprise in a few minutes. The Microsoft Authenticator App lets you introduce it in a way that’s convenient for employees.


Protect your information instead of blocking access.

Technologies like Azure Information Protection let you “stamp” e-mails depending on the protection measures used in the documents. Documents stamped “personal”, for example, can only be opened by HR employees. If a document is sent to someone else, they will not be able to open it. Other features like printing can also be blocked.


Protection when using apps.

Use technologies like Microsoft Cloud App Security. This lets employees use their preferred apps while blocking actions that contravene corporate compliance regulations. Sending documents via WhatsApp would also be blocked, if the documents originate from the company’s OneDrive.


Awareness raising among employees to protect from attacks.

Defence against attackers and those seeking to get inside the company network is one of the most important elements of IT security. If an attacker penetrates an internal network and wreak havoc undetected, the damage can often be devastating. The attacks most commonly used for this are phishing or comprising of passwords, where the attacked employees mostly have no idea what is happening. To raise awareness among workers, you can conduct your own phishing and brute force attacks on passwords in your own Microsoft 365 tenant with Microsoft Enterprise Mobility and Security. In this way, you can discover which passwords are weak and greatly raise awareness of phishing e-mails.


Introduce tools that are just as good or even better than those workers use privately.

When selecting and introducing IT tools into your company, it is crucial that these are comparable or ideally even better than those that employees are using outside of the company. Make sure you closely involve your employees and representative groups in the selection process. If your IT tools are accepted across the board, no one will feel the need to turn to shadow IT.


In summary, keep the following in mind: Be sure to tackle the current challenges that impact upon your IT security. Create a corporate IT that leaves no desire for shadow IT. One thing is especially important here: Don’t limit access, protect your information instead. This is how you can gain a competitive edge while protecting your two most precious “commodities”: your data and your workers.

written by

Service Manager Business Services


Share article

Published on Nov 11, 2019.