The new Rogue IT: A growing, invisible threat to your IT operations
Meet the new rogue IT — a growing trend that may have already found its way into your organization.
Back in the day, "rogue IT" typically entailed departments building servers and putting them under their desks in an attempt to circumvent the IT department and all of the pesky security controls that came with IT-approved servers.
Often, those servers sat under a desk, inside a closet or back room — unpatched, unprotected, and non-compliant — for long stretches of time before finally being discovered.
Those were the good ol' days, compared to the new type of rogue IT that's quickly spreading through today's IT landscape. It's invisible, nearly undetectable, and completely unacceptable, to say the least.
The new rogue IT involves departments buying things online (think Amazon Web Services, Google Services, and Microsoft Azure), and setting up off-the-books IT operations outside of your organization's boundaries.
Take Joe, for example (not his real name, by the way). As the CIO of a large national corporation, Joe was recently asked when his organization would move to the cloud.
"The cloud's not ready for us," he explained. "It's not compliant, we can't protect our privacy, and the reporting, backup, and retention requirements just aren't in place for us to do that yet."
Imagine Joe's surprise when told his organization was already spending $300,000 per month on Amazon Web Services.
That, my friend, is the new rogue IT.
And it's actually worse than its earlier incarnations. When an unapproved server was sitting under a desk, for example, you could at least detect it at some point. It also sat behind your firewall, and had a bit of protection. But this? This new battlefield where rogue cloud operations live is the Wild, Wild West, my friends.
What to do? How can you possibly detect external, cloud operations when conventional port and vulnerability scans on your network cannot?
One viable method is an effectively configured DLPEP (Data Loss Prevention/Data Exfiltration Prevention) system that monitors the edge/boundaries of your network and monitors data transfer activity at the host level as well.
A well-executed DLP/DEP system can enable you to detect data leaving outside of known channels, tipping you off to the possibility that other, invisible IT operations are at play.
One challenge, of course, is that most organizations don't have this capability (it's not even a federal requirement yet, unless you're a bank).
DLPEP isn't something data centers can provide, either. Rather, it must be within the boundaries of your firewall so you can control and monitor everything passing through the firewall, as well as workstations.
The new rogue IT is spreading quickly, with great potential to wreck the security and integrity of the data under your care.
With DLPEP as the only weapon in our arsenal that can spot and counter this new threat, no IT security program is complete without it.
This was originally published on Network World. Click here to view the original article.