BT Ireland’s Ailbhe McDarby talks about the dangers of shadow IT and why security has become more important than ever.
Many businesses that hadn’t previously provided remote working tools for their employees have had to go for a quick fix as lockdown forced people to stay at home. Adopting ad hoc solutions risks undoing years of careful procurement and security management, leaving the business exposed to hackers and cybercriminals who are having a field day with hastily dispersed workforces.
The irony is that security policies and practices put in place in normal times become even more important if key business assets, namely people, are suddenly relocated outside the network perimeter.
Employees working from home are particularly vulnerable to a huge spike in phishing attacks and vulnerabilities that cybercriminals have been exploiting in some popular apps. Another risk is inadvertently falling short on regulatory requirements, switching contact centre agents to home working, for example, without giving them compliant call recording tools.
The need for enterprise-class solutions
Free and unsecured conferencing tools can get businesses into serious trouble, not just the financial penalties of GDPR failure but the reputational damage that comes with a high-profile breach. With user accounts being sold on the dark web and protocols that facilitate levels of data sharing that aren’t acceptable inside a business, it’s a timely reminder that enterprises need enterprise-class solutions.
Some of the best-known vendors in the unified communications sector such as Cisco and Microsoft have been developing and refining their products for decades. Today, security and data privacy are major considerations for each step a new product takes on its way to market. These are companies that look to embed security in every aspect of a business rather than confine it to siloes that are easier for cybercriminals to exploit.
The role of IT is essential for centralising the control and management of security across increasingly distributed businesses. The practice of ‘shadow IT’, where business units or even individuals go off and make their own procurement decisions, is riddled with risk. Right now, home workers might be making their own choices about what video call applications to use and worse, they might be running them on home hardware that isn’t covered by the company’s endpoint security.
Avoid shadow IT
This is not a new problem. Shadow IT covers a wide range of ill-advised investments, from executives buying a new smartphone to whole business units subscribing to a software-as-a-service solution. The scale might be different but the problem is the same.
It undermines the autonomy and control of IT and their ability to stand over and protect the environment in its entirety. A breach made possible by a rogue device or service will be a lot harder to clean up after the event than prohibiting its use in the first place.
Although organisations are under pressure to quickly find ways to maintain employee productivity, they need to stop and think about life after Covid-19. Exit strategies are inevitably starting to be discussed, a process that is going to be hard enough without having to fix bad investments made during the pandemic.
Procurement and IT should be working together to ensure that remote working is enabled through investments in enterprise-class applications and resilient infrastructure. You want to be able to support remote working with secure VPNs and properly managed connectivity that allows for role-based access. So the CFO, for example, can log into back-end accounting software from home without fear of compromising sensitive data.
My main message is to resist the temptation to ‘panic buy’ and think instead about what you want your company’s communications landscape to look like in five years. Aligning technology to business strategy is key and part of that is making sure they avoid the common pitfalls of poor security and shadow IT. Invest wisely now and you will avoid double spending in the future.
Ailbhe McDarby is the head of unified communications and contact centre propositions at BT Ireland. A version of this article previously appeared on BT Ireland’s blog.