Steve Wexler, who writes the excellent IT Trends & Analysis blog, posted yesterday on the topic of shadow IT (aka ‘cockroach IT’). We’d like to share excerpts from the post that feature the perspectives of our president, Ennio Carboni. But you should definitely check out the entire post too for interesting perspectives and statistics from industry leaders like Cisco and Symantec.

From Steve’s blog:

According to a PwC survey, 50% of IT managers admit that half of their budget is wasted on managing Shadow IT (the unsanctioned use of IT products and services), said Ennio Carboni, President, Ipswitch, Inc. [network management division]. The ‘inability to track, manage and eliminate unapproved software and devices drastically eats bandwidth, slows networks and increases the IT financial/resource burden.’ Gartner says by 2020 90% of IT budgets will be controlled outside of IT and Forrester says IT could be obsolete by then.

However, Carboni said he doesn’t consider Shadow IT as much a problem as a business opportunity for IT. One of the disciplines he’s been able to keep alive is to cold call customers every week, and he speaks to hundreds every month. “Shadow IT is a real trend… (and) I’m a Shadow ITer.”

Carboni said the reason Shadow IT is growing is that the IT process at most companies today is wrong. Rather than the budgeting approach we’ve been using for the last 20-30 years, organizations should ask what approach they need to enable their employees to be more efficient and effective. “I actually view this trend as a positive one, the consumerization of IT.”

In general, IT needs to embrace Shadow IT and become a positive force for standardization through listening, he said. “It’s very inexpensive and very easy for an employee to go out there and take on a SaaS-based solution for a short time. Instead of having CISOs appear as a version of big brother, they need to work on enabling the workforce to bring their own devices and managing the risks.”


“After speaking with hundreds of customers, I believe security will go extreme, it will fail… and then we will have more reasonable and progressive policies”. He believes it will evolve like virtualisation, becoming much more proactive and with greater accountability.

Ipswitch offers four steps for minimizing the impact of shadow IT:

  • Flagging unauthorized apps before they cause problems;
  • Perfecting visibility into network bandwidth utilization;
  • Monitoring for rogue devices – who is accessing what, when and via what device; and
  • Identifying root causes of outages and slowdowns faster and speeding time to resolution.


Did you know that the average cost of a data breach is $7.2 million?

Or that the cost of each compromised record is $214, an increase of 7% over last year?

A data breach resulting in the loss or theft of protected personal data will have serious financial consequences on an organization – the least expensive breach reported in 2010 was $780,000 (and the most expensive one was over $35 million).  You can read more about the cost of data breaches in the Ponemon Institute’s 2010 U.S. Cost of Data Breach survey results.

Here are a few other key takeaways:

  • For the 5th year in a row, data breach costs have continued to rise
  • Lost business accounts for over 60% of data breach costs; the remainder is data breach detection, escalation, notification and response
  • Escalating data security threats and compliance pressures are driving rapid responses to data breaches, resulting in higher costs
  • Criminals now account for 31% of data breaches and they are significantly more expensive to contain and fix
  • Negligence remains the most common threat, and an increasingly expensive one

What is your organization doing to ensure the privacy and confidentiality of your information, including when it’s sitting on your servers, being shared between systems and business partners, and shared between people? And don’t spend all your time combating criminal threats: negligence now accounts for 41% of data breaches, so you must safeguard against negligence too.

Go ahead, estimate the data breach risk to YOUR organization. First, ballpark how many sensitive files and records are floating around your company today, then multiply that number by $214. I’m sure you’ll agree that the ROI on the time, technology and resources spent to protect company data is well worth the investment and risk avoidance effort.

Since wireless technology is inherently insecure, companies, or anyone running a wireless network, can take a proactive approach to identifying hackers trying to gain access via wireless networks.

Honeypots are decoy networks set up to lure hackers in. This enables administrators to find out more about what techniques hackers are using to gain access. One such product is ManTrap, created by Symantec.

“ManTrap has the unique ability to detect both host- and network-based attacks, providing hybrid detection in a single solution. No matter how an internal or external attacker tries to compromise the system, Symantec ManTrap’s decoy sensors will deliver holistic detection and response and provide detailed information through its system of data collection modules.”

Intrusion Detection – Intrusion detection software monitors traffic on the network and sounds a warning if a hacker is trying to access the network. One free product is Snort.

“Before we proceed, there are a few basic concepts you should understand about Snort. There are three main modes in which Snort can be configured: sniffer, packet logger, and network intrusion detection system. Sniffer mode simply reads the packets off of the network and displays them for you in a continuous stream on the console. Packet logger mode logs the packets to the disk. Network intrusion detection mode is the most complex and configurable configuration, allowing Snort to analyze network traffic for matches against a user defined rule set and perform several actions based upon what it sees.”

Network Monitoring – Network monitoring covers products such as Snort that watch the flow of traffic over the network.
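To make the network intrusion detection mode described in the Snort quote concrete, here is an added example (written for this post; it is not Snort’s code and not part of the original article) of what “matching traffic against a user defined rule set” means in practice. It parses a small subset of Snort’s text rule syntax (action, protocol, source/destination address and port, `msg`, plain-string `content`, `sid`), evaluates constructed sample packets against it, and emits alert lines. The rules, packets, addresses and sids are all constructed for illustration, and the pass-before-alert ordering is a simplification of Snort’s real rule-order handling.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample traffic (not a real capture): protocol, 5-tuple and payload.
@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes

@dataclass
class Rule:
    action: str        # 'alert' or 'pass' (a subset of Snort's actions)
    proto: str         # tcp, udp, icmp or ip
    src: str           # 'any', a CIDR, or '!CIDR'
    sport: str         # 'any', a port, a 'lo:hi' range, or '!port'
    dst: str
    dport: str
    msg: str
    content: Optional[bytes]   # plain-string content only; Snort's |hex| form is not handled
    sid: int

# Rule header layout: action proto src sport -> dst dport (options)
RULE_RE = re.compile(
    r'^(?P<action>alert|pass)\s+(?P<proto>tcp|udp|icmp|ip)\s+'
    r'(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+'
    r'\((?P<opts>.*)\)\s*$'
)

def _parse_options(text: str) -> dict:
    """Split 'key:"value"; key:value;' into a dict (values may not contain ';')."""
    opts = {}
    for part in text.split(';'):
        part = part.strip()
        if part:
            key, _, val = part.partition(':')
            opts[key.strip()] = val.strip().strip('"')
    return opts

def parse_rule(line: str) -> Rule:
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable rule: {line!r}")
    o = _parse_options(m.group('opts'))
    content = o['content'].encode() if 'content' in o else None
    return Rule(m.group('action'), m.group('proto'), m.group('src'), m.group('sport'),
                m.group('dst'), m.group('dport'), o.get('msg', ''), content, int(o.get('sid', 0)))

def _addr_match(spec: str, addr: str) -> bool:
    if spec == 'any':
        return True
    negate = spec.startswith('!')
    net = ipaddress.ip_network(spec.lstrip('!'), strict=False)
    return (ipaddress.ip_address(addr) in net) != negate

def _port_match(spec: str, port: int) -> bool:
    if spec == 'any':
        return True
    negate = spec.startswith('!')
    spec = spec.lstrip('!')
    if ':' in spec:                      # Snort-style range, e.g. '1024:' or '6000:6010'
        lo, _, hi = spec.partition(':')
        hit = (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    else:
        hit = port == int(spec)
    return hit != negate

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Cheap header checks first, payload content search last."""
    if rule.proto != 'ip' and rule.proto != pkt.proto:
        return False
    if not (_addr_match(rule.src, pkt.src) and _addr_match(rule.dst, pkt.dst)):
        return False
    if not (_port_match(rule.sport, pkt.sport) and _port_match(rule.dport, pkt.dport)):
        return False
    return rule.content is None or rule.content in pkt.payload

def run_nids(rules: List[Rule], packets: List[Packet]) -> List[str]:
    """Evaluate every packet against the rule set and return the alert lines.
    Simplified ordering: if any 'pass' rule matches a packet, no alert fires for it."""
    alerts = []
    for pkt in packets:
        if any(r.action == 'pass' and rule_matches(r, pkt) for r in rules):
            continue
        for r in rules:
            if r.action == 'alert' and rule_matches(r, pkt):
                alerts.append(f"[{r.sid}] {r.msg} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
    return alerts

# Constructed rule set in Snort's text syntax (sids in the local 1000000+ range).
RULES = [parse_rule(r) for r in [
    'alert tcp any any -> 10.0.0.0/8 23 (msg:"Telnet to internal host"; sid:1000001;)',
    'alert tcp any any -> any 80 (msg:"HTTP directory traversal attempt"; content:"../"; sid:1000002;)',
    'pass tcp 10.0.0.5/32 any -> any 80 (msg:"approved internal scanner"; sid:1000003;)',
]]

# Constructed packets: a telnet connect, a clean request, a traversal attempt,
# the same attempt from the approved scanner, and a UDP packet matching nothing.
PACKETS = [
    Packet('tcp', '192.168.1.20', 40000, '10.1.2.3', 23, b''),
    Packet('tcp', '192.168.1.20', 40001, '10.1.2.3', 80, b'GET /index.html HTTP/1.1\r\n'),
    Packet('tcp', '192.168.1.20', 40002, '10.1.2.3', 80, b'GET /images/../../config.ini HTTP/1.1\r\n'),
    Packet('tcp', '10.0.0.5', 40003, '10.1.2.3', 80, b'GET /../ HTTP/1.1\r\n'),
    Packet('udp', '192.168.1.20', 5000, '10.1.2.3', 23, b''),
]

if __name__ == '__main__':
    for line in run_nids(RULES, PACKETS):
        print(line)
```

Running it prints two alerts, one for the telnet connection and one for the traversal attempt; the scanner’s request is silenced by the `pass` rule and the UDP packet fails the protocol check before any payload is inspected. The point the quote makes about rule sets is visible here: detection quality is entirely a function of the rules you write and tune, which is why a real deployment spends most of its effort on rule maintenance rather than on the engine.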

Quick tips and tricks

When setting up wireless networks and access points there are a few quick steps that can be taken to immediately harden the network, even though they do not make it fully secure. Some of these include:

* Change your default SSID: each router or access point comes with a default SSID. Changing it makes it take longer for an attacker to work out what type of device he is trying to hack.

* Change the default password – generic default passwords are assigned to access points and routers. Sometimes the password is admin. By changing this password, the attacker cannot modify settings on your router as easily.

* Disable broadcasting SSID: by default APs broadcast their SSIDs; if you turn off this setting it is harder for outsiders to find your AP.

* Enable MAC filtering: WARNING: this only works in smaller environments where a centralized access list does not need to be maintained. You can allow only specific wireless cards to access the AP by enabling only their MAC addresses.

* Turn off shares: If security is important, scanning for shares and turning off the shares on the network can help. Also encrypting sensitive data can prevent hackers from accessing the data.

* Put your wireless access points in a hard to find and reach spot.

* Keep your drivers on all wireless equipment updated. This helps patch existing security vulnerabilities.

* Read current press releases about emerging wireless news.
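The configuration tips above can be checked rather than remembered. The following is an added example, written for this post and not a tool from the original article, that audits access point settings against the tips that are machine-checkable (default SSID, default admin password, SSID broadcast, MAC filtering and its scale limit). The default-SSID and default-password lists, the 25-client cut-off for a “smaller environment”, and the two sample configurations are all constructed for illustration; real factory defaults vary by vendor and model.

```python
import re
from typing import Dict, List

# Constructed illustration lists; real factory defaults vary by vendor and model.
DEFAULT_SSIDS = {"default", "linksys", "netgear", "dlink", "wireless"}
DEFAULT_ADMIN_PASSWORDS = {"", "admin", "password", "1234"}
MAC_FILTER_MAX_CLIENTS = 25  # assumed cut-off for a "smaller environment"

def normalize_mac(mac: str) -> str:
    """Accept 00-11-22-33-44-55, 0011.2233.4455 or 00:11:22:33:44:55 in any case and
    return the lowercase colon form, so an allowlist and a client list compare equal
    even when they were typed in different notations."""
    digits = re.sub(r'[^0-9A-Fa-f]', '', mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ':'.join(digits[i:i + 2] for i in range(0, 12, 2)).lower()

def audit_ap(ap: Dict) -> List[str]:
    """Return one finding per tip the configuration violates (empty list = all tips met)."""
    findings = []
    if ap['ssid'].strip().lower() in DEFAULT_SSIDS:
        findings.append('SSID is a factory default')
    if ap['admin_password'] in DEFAULT_ADMIN_PASSWORDS:
        findings.append('admin password is a factory default')
    if ap['broadcast_ssid']:
        findings.append('SSID broadcast is enabled')
    if not ap['mac_filter_enabled']:
        findings.append('MAC filtering is disabled')
    elif len(ap['clients']) > MAC_FILTER_MAX_CLIENTS:
        findings.append('too many clients to maintain a per-AP MAC list by hand')
    else:
        allowed = {normalize_mac(m) for m in ap['allowed_macs']}
        for client in ap['clients']:
            if normalize_mac(client) not in allowed:
                findings.append(f'client {client} is associated but not on the MAC allowlist')
    return findings

# Constructed configurations: one straight out of the box, one hardened per the tips.
WEAK_AP = {
    'ssid': 'linksys', 'admin_password': 'admin', 'broadcast_ssid': True,
    'mac_filter_enabled': False, 'allowed_macs': [],
    'clients': ['00:11:22:33:44:55', 'AA:BB:CC:DD:EE:FF'],
}
HARDENED_AP = {
    'ssid': 'fin-2f-ops', 'admin_password': 'constructed-long-passphrase-example',
    'broadcast_ssid': False, 'mac_filter_enabled': True,
    'allowed_macs': ['00-11-22-33-44-55', 'aabb.ccdd.eeff'],   # mixed notations on purpose
    'clients': ['00:11:22:33:44:55', 'AA:BB:CC:DD:EE:FF'],
}
# The hardened AP with an associated station that was never added to the list.
STRAY_CLIENT_AP = dict(HARDENED_AP, clients=HARDENED_AP['clients'] + ['02:00:00:00:00:01'])

if __name__ == '__main__':
    for name, ap in [('weak', WEAK_AP), ('hardened', HARDENED_AP), ('stray', STRAY_CLIENT_AP)]:
        print(name, audit_ap(ap) or ['no findings'])
```

The weak configuration produces four findings, the hardened one none, and the third case shows the MAC-filter check catching an associated station that is not on the allowlist, which is exactly the bookkeeping the WARNING in the tip is about. Treat MAC filtering as a convenience control rather than a security boundary: MAC addresses are transmitted in the clear and can be cloned, so the checks for default credentials and SSID matter more than the allowlist does.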
