Security News > 2023 > August > UK’s NCSC Publishes New Shadow IT Guidance
Discover the new shadow IT guidance published by the U.K.'s NCSC. Use this guide to better identify and reduce the levels of shadow IT within your organization.
A new publication from the U.K.'s National Cyber Security Centre provides guidance to organizations concerned with shadow IT, which most of the time results from non-malicious intent of employees.
The increase in cloud usage has significantly increased shadow IT. According to Cisco, cloud services have become the biggest category of shadow IT as more employees feel comfortable installing and using various cloud applications without reporting it to their IT department.
What leads to shadow IT? As written by NCSC, shadow IT is rarely the result of malicious intent but rather due to "Employees struggling to use sanctioned tools or processes to complete a specific task." Some users also do not realize that the use of devices or personally managed software-as-a-service tools might introduce risks for their organization.
How can you mitigate shadow IT? NCSC writes that "At all times, you should be actively trying to limit the likelihood that shadow IT can or will be created in the future, not just addressing existing instances."
As most shadow IT results from non-malicious intent of employees who want to get their work done efficiently, organizations should try to anticipate the staff's needs to prevent shadow IT. A process for addressing all employees' requests regarding the devices, tools and services they need should be deployed, so they will not be encouraged to implement their own solutions.
News URL
https://www.techrepublic.com/article/ncsc-new-shadow-it-guide/