Aug 22 2016   11:50AM GMT

Shadow-Hunting: Managing the Ghosts That Live Within

Posted by: TaylaHolman
rogue applications, shadow IT

Guest post by Mac McMillan, CEO of CynergisTek, Inc.

Shadow IT has become increasingly prevalent in today’s enterprise environments, and for the most part is driven by employees who are just trying to find a way to get something done with a tool they are comfortable using. It is made possible because most organizations’ networks or devices are not managed well enough to detect rogue software or devices when they’re added. Usually an organization’s first awareness occurs when the person using the rogue software or device needs technical support and asks for help.

Recent hacking activity is fueling a new desire to limit exposure as well as to engage in discussions around how to best handle shadow IT. To have that discussion, however, we must remember that it includes the wired, wireless and mobile device environments.

The first step in managing shadow IT is not to overreact. Most of the folks responsible for these rogue applications and devices are good employees just trying to do their job. That said, make sure you establish a policy around the introduction of software or systems to the enterprise and educate the workforce on it. Consider creating a process for employees to nominate programs or devices for use so that you can enable innovation with responsibility. Provide a safe environment in which those new programs and devices can be deployed and that users can access, so that integrity is preserved while new capabilities are vetted. Above all, create an environment where staff feel comfortable bringing new ideas or technologies to the table. After all, the idea they bring you is the one you don’t have to find.

The second step is to trust, but verify. While many will color within the lines once they understand what is expected and feel empowered to bring forward new things, others will for many different reasons not comply. For those, you’ll need to rely on controls and the network to alert you when something has been added that isn’t authorized or to block it from happening. Here are some tactics:

Port security. This falls in the oldie, but goodie category. Basically, network devices can be configured to remember MAC addresses or to enforce a limit on the number of MAC addresses on each port. Most modern network devices should support some version of this. Even wireless devices often support some version of managing MAC addresses. The biggest drawback is management. Anytime systems move or are replaced, the port has to be reset or reconfigured.

NAC. Network access control (NAC) allows you to take port security to another level. It’s easier to manage a large network with NAC than with standard port security, since you’re managing based on policies rather than endpoint configuration; however, it’s more expensive and can be very complex to implement. Basically, it allows you to define security requirements that need to be met in order to gain access. This could be as simple as what port security provides, or it could be more complex and check patch levels and/or whether anti-virus is running and current. Defining these policies and managing them across a large network can be a huge undertaking.

802.1x. This is an authentication method. The simplest way to think of it is as a certificate installed on the endpoint. This allows the system to authenticate with an authentication server and shows that the system is trusted. Most organizations use this method mainly on wireless networks, but it can be rolled out over the wired infrastructure as well. The biggest challenges here are certificate rollout and management.

MDM. Mobile device management (MDM) focuses on managing mobile devices. Like NAC, it allows you to establish strong policies for each device that connects and then permits you to manage those devices. Disabling a security feature covered by policy, such as encryption or the use of a password to gain access, or jailbreaking the device, will cause it to not connect. This means that you won’t have to punch holes elsewhere in order to provide access to email or other applications, and it simplifies managing these devices through the use of policies.

VDI. Virtual desktop infrastructure (VDI) is the practice of enabling a desktop operating system within a virtual machine running on a centralized server. With the desktop essentially a thin client, and all of the controls resident on the server and restricted from the user, downloading, installing or enabling other software and devices at the desktop is not permitted. Better still, it’s not necessary: one of the big drivers for users to turn to other devices is lack of ubiquitous access to their desktop, and VDI allows you to extend that directly to their tablet or phone. Using VDI not only provides flexibility in providing and restricting access to sensitive systems and data, but also restricts rogue software and devices.

Network scanning. This can be accomplished either proactively or reactively through the use of various network scanning and monitoring technologies. Some permit active management as well. Essentially, network scanners can look for and find unauthorized devices connected to the network. The scanner can either disable them directly, or you can investigate and then decide what the appropriate course of action is. Network scanning performed reactively, which usually means manually, can be a huge time sink and delay critical decisions.
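
The port security and network scanning tactics above come down to the same check: compare what is actually attached to each switch port with what is authorized to be there. The following is an added example, not part of the original post; the inventory, the one-MAC-per-port limit and the MAC table snapshot are all constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory: authorized MAC -> switch port it is expected on.
AUTHORIZED = {
    "00:1a:2b:00:00:01": "Gi1/0/1",
    "00:1a:2b:00:00:02": "Gi1/0/2",
    "00:1a:2b:00:00:03": "Gi1/0/3",
}
MAX_MACS_PER_PORT = 1  # assumed per-port limit, as port security would enforce

# Constructed snapshot of a switch's MAC address table: (port, MAC) pairs.
OBSERVED = [
    ("Gi1/0/1", "00:1A:2B:00:00:01"),
    ("Gi1/0/2", "00-1a-2b-00-00-02"),
    ("Gi1/0/2", "de:ad:be:ef:00:10"),   # unknown device sharing a port
    ("Gi1/0/4", "00:1a:2b:00:00:03"),   # known device on an unexpected port
]

def normalize(mac):
    """Lower-case, colon-separated form so vendor formats compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(observed, authorized, max_per_port=MAX_MACS_PER_PORT):
    """Return sorted (finding, port, detail) tuples for a MAC table snapshot."""
    findings = []
    per_port = defaultdict(set)
    for port, raw in observed:
        mac = normalize(raw)
        per_port[port].add(mac)
        expected = authorized.get(mac)
        if expected is None:
            findings.append(("unauthorized", port, mac))
        elif expected != port:
            # The management drawback noted above: moves need an inventory update.
            findings.append(("moved", port, f"{mac} expected on {expected}"))
    for port, macs in per_port.items():
        if len(macs) > max_per_port:
            findings.append(("over_limit", port, f"{len(macs)} MACs"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(OBSERVED, AUTHORIZED):
        print(*finding, sep="\t")
```

Run proactively on a schedule, a check like this surfaces a rogue device before its user calls for support; the "moved" finding separates routine relocations from genuinely unknown hardware.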

Shadow IT offers opportunities, both positive and negative, but creating a strategy for managing it can help eliminate the bad and take advantage of the good. You’ll likely need a combination of the technologies and methods discussed above to be successful. Like anything else we do in IT or security, if we start by thinking through the problem, develop our strategy, define our policies, select our controls, implement, manage and finally audit what we’ve done, we’ll likely have a better chance of succeeding at making shadow IT an ally.

About the author: 

Mac McMillan, FHIMSS, is co-founder and CEO of CynergisTek, Inc., a top-ranked information security and privacy consulting firm focused on the healthcare IT industry. He brings nearly 40 years of experience in security and has worked in the healthcare industry since his retirement from the federal government. McMillan participates on many advisory boards, and is recognized as a thought leader in healthcare IT for his contributions to industry publications and events on compliance, security and privacy.
