Health IT and Electronic Health

Aug 22 2016   11:50AM GMT

Shadow-Hunting: Managing the Ghosts That Live Within



Posted by: TaylaHolman
rogue applications, shadow IT

Guest post by Mac McMillan, CEO of CynergisTek, Inc.

Shadow IT has become increasingly prevalent in today’s enterprise environments, and for the most part is driven by employees who are just trying to find a way to get something done with a tool they are comfortable using. It is made possible because most organizations’ networks or devices are not managed well enough to detect rogue software or devices when they’re added. Usually an organization’s first awareness occurs when the person using the rogue software or device needs technical support and asks for help.

Recent hacking activity is fueling a new desire to limit exposure as well as to engage in discussions around how to best handle shadow IT. To have that discussion, however, we must remember that it includes the wired, wireless and mobile device environments.

The first step in managing shadow IT is not to overreact. Most of the folks responsible for these rogue applications and devices are good employees just trying to do their job. That said, make sure you establish a policy around the introduction of software or systems to the enterprise and educate the workforce about it. Consider creating a process for employees to nominate programs or devices for use so that you can enable innovation with responsibility. Provide a safe environment in which those new programs and devices can be deployed and which users can access, so that integrity is preserved while new capabilities are vetted. Above all, create an environment where staff feel comfortable bringing new ideas or technologies to the table. After all, the idea they bring you is the one you don’t have to find.

The second step is to trust, but verify. While many will color within the lines once they understand what is expected and feel empowered to bring forward new things, others will for many different reasons not comply. For those, you’ll need to rely on controls and the network to alert you when something has been added that isn’t authorized or to block it from happening. Here are some tactics:

Port security. This falls in the oldie, but goodie category. Basically, network devices can be configured to remember MAC addresses or configured to enforce a number of MAC addresses on each port. Most modern network devices should support some version of this. Even wireless devices often support some version of managing MAC addresses. The biggest drawback is management. Anytime systems move or are replaced, the port would have to be reset or reconfigured.

NAC. Network access control (NAC) allows you to take port security to another level. It’s easier to manage a large network with NAC than with standard port security, since you’re managing based on policies rather than endpoint configuration. However, it’s more expensive and can be very complex to implement. Basically, it allows you to define security requirements that need to be met in order to gain access. This could be as simple as what port security provides, or it could be more complex and check patch levels and/or whether anti-virus is running and current. Defining these policies and managing them across a large network can be a huge undertaking.

802.1x. This is an authentication method. The simplest way to think of it is as a certificate installed on the endpoint. This allows the system to authenticate with an authentication server and shows that the system is trusted. Most organizations use this method mainly on wireless networks, but it can be rolled out over the wired infrastructure as well. The biggest challenges here are certificate rollout and management.

MDM. Mobile device management (MDM) focuses on managing mobile devices. Like NAC, it allows you to establish strong policies for each device that connects and then permits you to manage those devices. Disabling a security feature covered by policy, such as encryption or the use of a password to gain access, or jailbreaking the device, will cause it to not connect. This means that you won’t have to punch holes elsewhere in order to provide access to email or other applications, and it simplifies managing these devices through the use of policies.

VDI. Virtual desktop infrastructure (VDI) is the practice of enabling a desktop operating system within a virtual machine running on a centralized server. With the desktop essentially a thin client, and all of the controls resident on the server and restricted from the user, downloading, installing or enabling other software and devices at the desktop is not permitted. Better still, it’s not necessary: one of the big drivers for users to turn to other devices is lack of ubiquitous access to their desktop, and VDI allows you to extend that directly to their tablet or phone. Using VDI not only provides flexibility in providing and restricting access to sensitive systems and data, but also restricts rogue software and devices.

Network scanning. This can be accomplished either proactively or reactively through the use of various network scanning and monitoring technologies. Some permit active management as well. Essentially, network scanners can look for and find unauthorized devices connected to the network. You can then either disable them directly, or investigate and decide what the appropriate course of action is. Network scanning performed reactively, which usually means manually, can be a huge time sink and delay critical decisions.
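The port security and network scanning tactics above both depend on knowing which MAC addresses sit behind which switch ports. As an added illustration (not part of the original post), this Python example reconciles a constructed MAC address table against an approved inventory; the device names, addresses, table layout and per-port limit of two are assumptions.

```python
import re

# Constructed sample data (not from the article): an approved-device inventory
# and a MAC address table listing of the kind a switch reports.
AUTHORIZED = {
    "00:11:22:33:44:55": "nurse-station-01",
    "00:11:22:33:44:66": "lab-printer-02",
    "00:11:22:33:44:77": "radiology-ws-03",
}
MAC_TABLE = """\
Vlan  Mac Address        Type     Port
10    0011.2233.4455     DYNAMIC  Gi1/0/1
10    0011.2233.4466     DYNAMIC  Gi1/0/2
20    0011.2233.4477     DYNAMIC  Gi1/0/3
20    a4b1.c2d3.e4f5     DYNAMIC  Gi1/0/3
20    A4-B1-C2-D3-E4-F6  DYNAMIC  Gi1/0/3
"""
MAX_MACS_PER_PORT = 2  # assumed policy, like a port-security maximum

def normalize_mac(text):
    """Return aa:bb:cc:dd:ee:ff for dotted, dashed or colon MACs, else None."""
    digits = re.sub(r"[.:-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_mac_table(listing):
    """Map port -> set of normalized MACs; header and short lines are skipped."""
    ports = {}
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) >= 4 and (mac := normalize_mac(fields[1])):
            ports.setdefault(fields[3], set()).add(mac)
    return ports

def audit(listing, authorized, max_per_port):
    """Return unapproved (port, mac) pairs and the ports over the MAC limit."""
    ports = parse_mac_table(listing)
    unknown = sorted((port, mac) for port, macs in ports.items()
                     for mac in macs if mac not in authorized)
    crowded = sorted(p for p, macs in ports.items() if len(macs) > max_per_port)
    return unknown, crowded

if __name__ == "__main__":
    unknown, crowded = audit(MAC_TABLE, AUTHORIZED, MAX_MACS_PER_PORT)
    for port, mac in unknown:
        print(f"unapproved device {mac} on {port}")
    for port in crowded:
        print(f"{port} holds more than {MAX_MACS_PER_PORT} MAC addresses")
```

Run on a schedule against exported tables, a check like this gives the proactive form of scanning; a port that suddenly carries several addresses often means an unmanaged switch or access point has been plugged in.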

Shadow IT offers opportunities, both positive and negative, but creating a strategy for managing it can help eliminate the bad and take advantage of the good. You’ll likely need a combination of the technologies and methods discussed above to be successful. Like anything else we do in IT or security, if we start by thinking through the problem, develop our strategy, define our policies, select our controls, implement, manage and finally audit what we’ve done, we’ll likely have a better chance of succeeding at making shadow IT an ally.

About the author: 

Mac McMillan, FHIMSS, is co-founder and CEO of CynergisTek, Inc., a top-ranked information security and privacy consulting firm focused on the healthcare IT industry. He brings nearly 40 years of experience in security and has worked in the healthcare industry since his retirement from the federal government. McMillan participates on many advisory boards, and is recognized as a thought leader in healthcare IT for his contributions to industry publications and events on compliance, security and privacy.
