Former Secretary of State, Hillary Clinton, has become the unlikely face of Shadow IT, thanks to the media uproar caused by the news that she used a personal email address while at the State Department.
Some politicos noted that this wasn’t on the large scale of typical Clinton family scandals, but Republicans presidential nominees have to bang the Benghazi drum when they have the opportunity. A private email account also raised concerns that Clinton was conducting diplomacy with world leaders behind the back of the diplomatic corps.
However, it’s unlikely that someone in Clintonland wasn’t aware that this could cause problems later on. So why take the risk? Knowing what they know about presidential campaigns, why did a Clinton go to the effort of having a server installed in their Chappaqua, New York home?
Addressing the press, Clinton said “Looking back, it would’ve been better if I’d simply used a second email account and carried a second phone, but at the time, this didn’t seem like an issue.”
With her work phone, a BlackBerry, Clinton wasn’t allowed a personal email account. Ever security conscious, but need to keep up to date with family business outside of State, she didn’t want the added worry of carrying two devices.
This is something that many professionals can understand and empathize with.
And yet, CIO’s everywhere were alarmed by the fact that if this can happen at the highest level of the State Department, surely it can happen in any workplace.
How IT Departments Can Protect Against Shadow IT?
Firstly, consider why employees bring their own devices or use their own file sharing and cloud services, or private email accounts: usually, like Clinton, for convenience.
Coming down hard on employees will only make the problem worse, or drive staff away to competitors with a more relaxed approach to IT. Relaxed, however, shouldn’t mean insecure. With cyber-attacks on the rise, the potential for viruses to get in through new (private) routes makes this risky behaviour; one better controlled and managed than outlawed.
One way to protect against security breaches through shadow IT is to make employees aware of the risks, to the company, to them, your customers.
Find which systems or apps your employees prefer to use, compared to the enterprise suite products they ought to be using. Assess whether it’s viable to switch or use alongside, and identify ways to make them more secure in the workplace.
If employees are sharing data and files, or moving them back and forth between personal cloud services (like Dropbox, Box, or Google Drive) and your companies cloud, then make sure all files are encrypted.
Some services, like Amazon and Box, offer automatic encryption, but not all do, so ensure employees know what’s available, like Credeon for Dropbox.
Ideally, staff shouldn’t be taking customer data off-site, but that isn’t always possible, which is why working with them to accommodate their user needs is a sensible approach that benefits everyone.