Cyber Security Awareness Month: Week 4 – Shadow IT
BCIT IT services provides tools and services to keep our information safe. When users use technology solutions that are unsupported it could put BCIT at risk.
What is Shadow IT?
Shadow IT is “the use of IT-related hardware or software by a department or individual without the knowledge of the IT or security group within the organization” (Cisco, 2018). The most common type of shadow IT in an organization is using unsupported cloud based services.
Services like Dropbox and Google Drive are used by millions of people because they are easy to use and familiar, but are these services supported in your organization? At BCIT the answer is no, which is why we encourage all users to use ShareFile. Our ShareFile service keeps all files onsite here at BCIT in our datacentre. This protects our data and ensures we are following BC’s privacy laws.
Why is Shadow IT important?
In 2016, Gartner, an IT research company concluded that “By 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources” (Panetta, 2016). This means the less prevalent shadow IT is used at BCIT, our chances of becoming a target of a malicious cyber-attack is reduced.
At BCIT, according to Policy 3502, all users are required to take appropriate measures to prevent loss, damage, abuse, or unauthorized access to information assets under their control.
How Can I help?
- Use BCIT supported solutions, especially when dealing with personal or private information.
- Think about what external services you use. Read the security guidelines about how they protect your data.
- If you use an unsupported tool, ask the IT Service Desk to see if we have a solution for you!
- Read policies 3501 – Acceptable Use of Information Technology and 3502 – Information Security to make sure you are aware of your responsibilities.
BCIT is committed to taking appropriate measures to preserve the confidentiality, integrity, and availability of information and information technology (IT). All users at BCIT are responsible for:
- Taking appropriate measures to prevent loss, damage, abuse, or unauthorized access to information assets under their control
- Promptly reporting all acts that may constitute real or suspected breaches of security including, but not limited to, unauthorized access, theft, system or network intrusions, willful damage, and fraud.
- Looking after any physical device (tools, computers, vehicles, etc.) and access articles (keys, ID cards, system IDs, passwords, etc.) assigned to them for the purposes of performing their job duties, taking courses, conducting research, or otherwise participating within the Institute.
- Respecting the classification of information as established by the information owner
Cisco. (2018, 10 19). What is Shadow IT? Retrieved from Cisco Security: https://www.cisco.com/c/en/us/products/security/what-is-shadow-it.html
Panetta, K. (2016, June 15). Gartner’s Top 10 Security Predictions 2016. Retrieved from Gartner: https://www.gartner.com/smarterwithgartner/top-10-security-predictions-2016/?cm_mmc=social-_-rm-_-gart-_-swg