1
00:00:00,06 --> 00:00:03,02
- [Instructor] Shadow IT, as the name implies,

2
00:00:03,02 --> 00:00:06,03
can be challenging to both detect and prevent.

3
00:00:06,03 --> 00:00:07,01
In this video,

4
00:00:07,01 --> 00:00:09,06
I'll cover some specific actions you can take

5
00:00:09,06 --> 00:00:12,08
to reduce the likelihood and impact of shadow IT

6
00:00:12,08 --> 00:00:14,08
in your organization.

7
00:00:14,08 --> 00:00:17,05
First, let's look at some fundamental controls

8
00:00:17,05 --> 00:00:20,00
for protecting against shadow IT.

9
00:00:20,00 --> 00:00:21,09
These are steps you should be taking anyway,

10
00:00:21,09 --> 00:00:23,00
but if you aren't,

11
00:00:23,00 --> 00:00:26,07
your exposure to the shadow IT threat increases a lot.

12
00:00:26,07 --> 00:00:31,00
The first control you need to have is an IT asset inventory.

13
00:00:31,00 --> 00:00:32,06
If you don't have a current inventory

14
00:00:32,06 --> 00:00:34,06
of your sanctioned IT assets,

15
00:00:34,06 --> 00:00:38,00
you won't be able to identify shadow IT systems.

16
00:00:38,00 --> 00:00:40,06
Run an Nmap scan or use a similar tool

17
00:00:40,06 --> 00:00:44,00
to get a baseline of systems currently on your network.

18
00:00:44,00 --> 00:00:45,01
Review the results

19
00:00:45,01 --> 00:00:47,09
to make sure all systems you found are authorized

20
00:00:47,09 --> 00:00:50,00
and deal with any that aren't.

21
00:00:50,00 --> 00:00:52,00
Next, make sure users know about

22
00:00:52,00 --> 00:00:54,09
correct IT deployment processes.

23
00:00:54,09 --> 00:00:57,05
It's hard to blame users who don't follow the system

24
00:00:57,05 --> 00:00:59,05
when they don't know what it is.

25
00:00:59,05 --> 00:01:03,09
Define a clear IT deployment process and write it down.

26
00:01:03,09 --> 00:01:06,08
Publish it in a place that's easy for users to find

27
00:01:06,08 --> 00:01:08,07
and heavily promote it.

28
00:01:08,07 --> 00:01:12,00
Finally, implement and enforce strong security policies

29
00:01:12,00 --> 00:01:15,02
that prohibit unauthorized deployment of IT systems

30
00:01:15,02 --> 00:01:16,07
or solutions.

31
00:01:16,07 --> 00:01:19,09
Security policy should be approved by executive leadership

32
00:01:19,09 --> 00:01:22,01
and should clearly state what is allowed

33
00:01:22,01 --> 00:01:24,06
when it comes to IT deployments.

34
00:01:24,06 --> 00:01:26,06
That way, you'll have an answer when asked

35
00:01:26,06 --> 00:01:30,02
why shadow IT systems need to be removed.

36
00:01:30,02 --> 00:01:32,04
There are also several technology controls

37
00:01:32,04 --> 00:01:33,08
that will help keep shadow IT

38
00:01:33,08 --> 00:01:37,03
from becoming a serious problem in your organization.

39
00:01:37,03 --> 00:01:39,06
First is security monitoring.

40
00:01:39,06 --> 00:01:42,06
Security monitoring systems like a security information

41
00:01:42,06 --> 00:01:45,01
and event management system or SIEM

42
00:01:45,01 --> 00:01:46,09
can track all network activity

43
00:01:46,09 --> 00:01:49,04
and notify the IT or security team

44
00:01:49,04 --> 00:01:53,00
if an unauthorized system is added to the network.

45
00:01:53,00 --> 00:01:55,06
This may be an indication of shadow IT

46
00:01:55,06 --> 00:01:58,02
or another type of security incident.

47
00:01:58,02 --> 00:02:01,04
Next, consider ways to implement network access control

48
00:02:01,04 --> 00:02:02,09
or NAC.

49
00:02:02,09 --> 00:02:05,01
This is a technical security restriction

50
00:02:05,01 --> 00:02:07,01
that only allows authorized systems

51
00:02:07,01 --> 00:02:09,09
such as those with enterprise-issued certificates

52
00:02:09,09 --> 00:02:11,07
from joining your network.

53
00:02:11,07 --> 00:02:12,09
With NAC in place,

54
00:02:12,09 --> 00:02:16,05
if a user attempts to add shadow IT systems to the network,

55
00:02:16,05 --> 00:02:18,07
they wouldn't be able to connect.

56
00:02:18,07 --> 00:02:22,01
Finally, consider using a cloud access security broker

57
00:02:22,01 --> 00:02:24,00
or CASB.

58
00:02:24,00 --> 00:02:27,00
CASB is a technology that sits between users

59
00:02:27,00 --> 00:02:29,08
and the cloud services they try to use.

60
00:02:29,08 --> 00:02:31,09
CASBs can enforce security controls

61
00:02:31,09 --> 00:02:36,00
on the use of software as a service or SaaS applications.

62
00:02:36,00 --> 00:02:38,08
They can also monitor your organization's network traffic

63
00:02:38,08 --> 00:02:42,03
to detect any cloud-based applications in use.

64
00:02:42,03 --> 00:02:43,05
You can use that information

65
00:02:43,05 --> 00:02:46,08
to detect shadow IT SaaS applications.

66
00:02:46,08 --> 00:02:48,06
By implementing the fundamental

67
00:02:48,06 --> 00:02:52,00
and technology security controls I covered in this video,

68
00:02:52,00 --> 00:02:54,04
you should significantly reduce your exposure

69
00:02:54,04 --> 00:02:57,00
to the threat of shadow IT.