Waking Up to Cybersecurity’s New COVID-19 Reality

The COVID-19 pandemic is creating emergent risks and cybersecurity challenges. Chief Information Security Officers (CISOs) and other security organization leaders are on the firing line, finding themselves responsible for everything from remote access security to business continuity management (BCM) to… Continue reading

Place Information Risk Accountability at the Right Level

Too often, information risk accountability isn’t at the right level due to poor alignment between security and business leaders. It’s time to transform the way we communicate risk to the business. When the security program struggles with an issue, bring… Continue reading

Rational Cybersecurity Open Access Book Announcement

Exciting News: I found the perfect publisher for Rational Cybersecurity for Business. Apress, a Springer Nature company, will be publishing my book in May 2020 through the ApressOpen program. This means the industry’s first comprehensive Security Leader’s Guide to… Continue reading

Cybersecurity Deficit: More than a Skills Shortage

New Services to Cut the Cybersecurity Strategy Deficit

As 2020 gets underway, we’re excited to announce a more modular and agile cybersecurity, identity management, and risk management consulting services catalog. More than ever the world needs rational cybersecurity leadership, business… Continue reading

Shadow IT: Cultivating the Garden

Shadow IT is an explosion of cloud computing adoption for business use by employees and groups with no IT involvement. Shadow IT can lead to unintended and undesirable security risks, compliance concerns and hidden costs. But through collaborative IT governance processes, it can also be made beneficial.

shadow IT taxonomy & sanctioned or unsanctioned cloud services

If business units are getting what they need in a manner that is quick, cost-effective and/or convenient, then what is wrong with shadow IT anyway? The problem is that although services unsanctioned by IT may satisfy an immediate need from one part of the business, they are not optimized to the all the needs – or risks – of the business.

Left unchecked, shadow IT can lead to higher costs and rising risks. The true cost of public cloud can ultimately become much higher than the nominal cost from providers as the IT organization or the business units struggle with integration, security, and other issues. Just like that higher cable TV bill that snuck up on me a few months ago, initial subscription discounts for shadow IT in the cloud can become false economies.

How Bad is It, Really?

According to the Oracle and KPMG Cloud Threat Report 2019, 92% of 450 IT and security respondents were concerned about shadow IT. Participants found that shadow IT had led to unauthorized use of data, introduction of malware, and other issues. Unfortunately, survey results also indicate policies against the use of unauthorized services are routinely flouted.

On the other hand, Entrust Datacard’s report, “The Upside of Shadow IT: Productivity Meets IT Security” report found that 77% of 1,000 respondents believed shadow IT can make businesses more competitive and that efforts to eradicate it could actually make it more prevalent even among IT users.

Rather than thinking of these as dueling reports we can see them meeting in the middle on the need for a governed enterprise multicloud offering.  Facing a clear and present danger, businesses will often empower security to “come up with a strategy to control shadow IT.” However, security leaders should resist the temptation to come down too hard on the business with draconian policies. Instead they can engage the business leaders and help them understand risks and accountabilities. Continue reading

Ineffective Response and Perverse Insurance Incentives Compound Ransomware Problems

Cybercriminals are mining a lucrative revenue source – ransomware. These attackers launch malware to encrypt digital files and demand bitcoin payment to unlock them. We know that local governments are often paying ransom and that private industry is also suffering… Continue reading

Subscribe to Blog Notifications...  HERE