How to disarm the threat of Shadow IT

Johanna Winqvist
Read Time, 4 min.  

One of the biggest threats to business security comes from within. Are you equipped to deal with the threat of shadow IT?

Microsoft’s extensive Work Reworked report shows that with change becoming the new norm for businesses everywhere, the challenges to security lie not just from outside the organisation but also from within.

Throwing open the doors to cybercrime is the extensive use of non-compliant applications. As younger generations enter the workforce and expect the same kind of freedoms in the workplace that they enjoy in their personal lives, there’s never been a more pressing need to stay ahead of the game.

Single-minded on safety

The scale of the problem is highlighted in Microsoft’s eBook How to Identify the Weak Links in Your Security which reveals that while 42% of data breaches are caused by technical faults, 58% is down to human error.

In recognition of the challenges facing its compliance, the Mediterranean Shipping Company (MSC) streamlined its IT offering to give easy access to approved data and tools across the company.

MSC is comfortable dealing with business on a global scale. So, when it came time to standardising IT tools in 148 countries it demanded an approach that reflected the way it manages its 460-strong fleet of container ships around the world: decide on the best route to a destination, and arrive there as quickly and safely as possible.

“We looked at Google, but Microsoft showed us that it has a more complete vision about the communication environment today and what it needs to be tomorrow,” says Fabio Catassi, Chief Technology Officer at MSC.

In addition to Microsoft Exchange Online Protection hosted email filtering service, MSC has adopted Office 365 Advanced Threat Protection to help protect its mailboxes in real time against sophisticated attacks. “The beauty of the Microsoft approach to multilevel security is that from a central console, we can control malware detection and check attachments and unsafe links—all as part of our Office 365 solution,” says Catassi.

Security with agility

Global protective coatings provider, Hempel, helps to protect all sorts of structures from damage and corrosion—from ships to wind turbines, and from hospitals to containers. While its legacy platform was secure, the company realized the external threat landscape was evolving faster and faster, and knew the time had come to upgrade.

By switching to Microsoft 365 E5 with Windows Defender Advanced Threat Protection, Hempel has now optimized its security posture, and reduced complexity by centralizing security management. “Cyber criminals are becoming ever more agile. Migrating to the cloud allows us to remain current all the time, and to be agile, too,” says Mark Sutton, Digital Infrastructure & Operations Director at Hempel.

Sutton has made a shrewd move. An incredible 23% of social engineering phishing attacks are successful due to recipients opening messages they receive from increasingly creative attacks. Even the savviest end user can fall victim which is why making compliance easy for employees is paramount.

In response, Hempel has also rolled out Office 365 which, according to CEO Henrik Andersen, has reduced the use of Shadow IT and encouraged employees to collaborate like never before. “We didn’t want to say, we have a new intranet, new teams, new groups, and so on. We just say, ‘It’s all on the collaboration platform, and this is the toolbox that it contains.’”

And, with 67% of IT security practitioners unable to detect which employees use insecure mobile devices, sensitive data is at risk with each new device and every new user adding another potential entry point of attack.

One step ahead

The expansion of Drylock Technologies, a leading manufacturer of ultra-thin absorbent hygiene products, was so rapid that there had been no time focus on IT. The impetus for radical change came in February 2017, five years after the company was founded, when Drylock acquired a manufacturing plant in Eau Claire, Wisconsin, US.

Realising each site was an island, with employees using ‘fifty different ways’ to communicate, Drylock sought a more secure, more intelligent communication solution. Its ambition? To future-proof the company and create a unified workplace where everybody could work anytime, anyplace, and be reachable anywhere.

A one-month trial of Office E5 with Calling Plan in Eau Claire confirmed Microsoft as the right choice. Further rollouts across other locations swiftly followed and has been so successful that Group Infrastructure and Operations Director Jurgen De Wolf is determined to migrate all remaining sites to Calling Plan as soon as it is available.

“It has revolutionised our company’s way of communicating,” says De Wolf. “It has optimized all operations in all ways, and we can quantify what people are doing, which was impossible before.”

What these stories tell us is that those who have made the decision to simplify their ways of working are not only reducing their risk to compliance, but reaping benefits beyond expectation. In the new world order of constant change, surely that’s a step worth taking today.

Free eBook: How to reduce your compliance risk

Learn how to get proactive around compliance and respond to compliance concerns with our new eBook.

Articles you may be interested in:

Working secure

Privacy and protection of your data in Microsoft Teams