The Risks of Shadow IT

In the last few weeks there has been a number of reports of UK public sector organisations taking advantage of docs.com (Microsoft free document sharing service) as a way to distribute and share documents with in their organisations. However, what many of these organisations didn’t realise was that by default all of the content on this service was shared publicly, and was being indexed by the likes of Google and Bing and appearing in people’s search results.

This was initially discovered by Buzzfeed and some of the content that was inadvertently publicly available was national insurance numbers,  bank account details and even passwords. With the impending changes of regulation as a result of GDPR that come into force next year in Europe and the Privacy Amendment Bill 2016 in Australia, it is now more important than ever that businesses take note of ‘shadow IT’ and how the rollout of cloud services may be impacting them.

For users in organisations that have already had Office 365 implemented, Docs.com appears as an extension of the functionality of Office 365. However it is a completely different service. So who can blame an end user for taking advantage of these services if they are not aware of the implications of using these services. IT is often responsible for making sure that the appropriate steps are being taken to educate as well as prevent users from utilising these services whether the services have been officially rolled out or not

These customers depend upon the IT channel to educate them as to the risks associated with these services. Therefore, we should also make sure that when we are enabling them to utilise the likes of Office 365 we are taking a holistic approach to data management through appropriate policies, procedures and technologies in place to manage this.

With the ever-evolving cloud services landscape, we need to be checking in with organisations on a regular basis to understand how they are utilising these services and provide them feedback on how they can mitigate these risks. One such service that we have recently launched to assist our partners with staying relevant in this space, is our Office 365 Reporting Service. This service enables you to provide your clients a monthly health check of their deployment and an avenue to educate them on the ever changing cloud environment.

Join the Insentra Community with the Insentragram Newsletter

Hungry for more?

[Secure Workplace]

Enabling DLP Within an Organisation

I have been working with Symantec Data Loss Prevention (DLP) ever since Symantec acquired Vontu. This technology has evolved a lot over time, but there is a lot more beyond.

[Secure Workplace]

Recovering from a Failed Audit and Preparing for Re-audit

By [Lee Foster]

If we are to accept the now common statement “Information is your most valuable asset” then it is fair to say this information must be protected and have controlled access.

[Secure Workplace]

Did I Hear You Correctly? You Can Add Web Proxy Functionality To The Symantec Endpoint Protection Using Symantec Web Security Service?

By [Ronnie Altit]

One of the strengths of Symantec Endpoint Protection (SEP) has been the simplicity of the SEP client. Since Version 11, the SEP client has provided antivirus, firewall, intrusion prevention, application and device control, application whitelisting and more.