Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Security Manager's Journal: Tracking down rogue IT

Mathias Thurman | Dec. 4, 2012
Some call it "shadow IT," but I am among those who call it "rogue IT." Both terms refer to information technology that has made its way into an organization without proper approval.

We also found that a business group had contracted for the use of a SaaS knowledge base for our customers. Some very sensitive, proprietary information was being stored on that site, which offered no encryption in transit (SSL) or at rest, no proper account management and no redundancy if the site went down. Sadly, our intellectual property was potentially being put at risk of exposure in this way when we already have a very robust knowledge base. Unfortunately, this particular group knew nothing about it and set off on its own to fill its needs.

We found several other rogue IT projects that will have to be dealt with either by sanctioning them or forcing them into an early retirement in favor of more robust corporate solutions.

All in all, not a great week, but I guess it's better to know about all of this stuff than it is to remain blissfully ignorant.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.