CyberEye

Blog archive
Man juggling spinning remote IT devices

Is shadow IT spinning out of control in government?

The influx of consumer IT into the workplace — often unmanaged and unseen by administrators — is speeding up, and it isn’t just the fault of irresponsible employees.

“People need to get their work done, and they’ll do anything to get it done,” said Oscar Fuster, director of federal sales at Acronis, a data protection company. When tools that can help them appear in the marketplace, and in their own homes, they chafe when administrators do not let them use them. The result often is an unmanaged shadow infrastructure of products and services such as mobile devices and cloud-based file sharing that might be helpful for the worker but effectively bypasses the enterprise’s secure perimeter.

It is not all the fault of the administrators. They have policy, regulation and legislation to comply with. But if someone doesn’t do something quickly, agencies will soon find that their sensitive data is outside of their control.

What is needed is a more agile approach to acquiring and managing technology that doesn’t leave the government two years behind the consumer curve in acquiring tools. Departments must be willing to decentralize authority so that agencies can adapt quickly to their technology needs, and more freely interpret legislative mandates.

“It’s easier said than done,” Fuster said. But most IT legislation is technology neutral, and policies can be fashioned to accommodate new technology more quickly than is happening now, he says. “The second you fall behind, people will start cutting corners.”

Shadow IT is not a new problem. In the early days of the home PC, workers could use removable hard drives to work at home, and floppy disks could move files easily from one office to another. The difference was that 40 years ago it took more tech savvy and a little more investment to get outside the perimeter. When the world went wireless 15 or so years ago, there was an exponential jump in the ability to think and work outside the box.

Things have shifted again with handheld mobile devices and nearly ubiquitous network access. Consumer cloud services can put an entire suite of productivity tools in your hand, but it also takes data outside the administrator’s control.

The solution is two-fold. Because the enterprise itself is becoming more fluid, more attention is needed to the security of the data itself. Encryption and controls to monitor its movement, coupled with more well-defined access control, can help protect data and see who is using it and where. This addresses not just the shadow IT challenge, but the insider threat and the growing use of stealthy exploits that can sit quietly in the system and slowly export data.

At the same time, be open to accommodating workers so that they are less tempted to work around you. One powerful tool is the ability to manage mobile devices within your legacy infrastructure. Windows Phone has a small percentage of the mobile market, but the latest Windows 8.1 update allows administrators to use a common set of management tools from the server through the desktop to the handheld device. Even if your workers prefer an Android or iPhone, this can be a good compromise to making your workplace more flexible.

Posted by William Jackson on May 30, 2014 at 8:03 AM


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.