Rogue IT: What Is It And How To Get Around It? - CWPS

Posted by Myra Koshan on October 29, 2015
Myra Koshan

Cisco MerakiRogue IT is one of the dominant issues affecting IT administration today -- and it's constantly increasing in severity. Modern employees are computer savvy but not security savvy, and they tend to manage their IT issues with a "whatever works" attitude. This can be crippling to a company's IT infrastructure and security if it is left unchecked.

The Problem of Rogue IT

Though this isn't always true, rogue IT tends to emerge when there is some inherent failing or absence in the company's internal solutions. The enterprise email service may be unreliable, the filing sharing system may be clunky and difficult to use, or there may simply be no supported solution for encrypting documents. When this occurs, employees are often tempted to resolve the issue themselves -- by utilizing outside devices and tools. Employees may begin using free, personal email accounts, an unencrypted cloud file sharing service, or a freeware encryption suite. Soon, these self-service solutions will proliferate around the office -- and so will any related security issues.

Rogue IT has become exceptionally common. On a small scale, it is seen every time an individual uses their Gmail account rather than their corporate email to send a confidential business document. It may simply seem easier and more intuitive to them at the time -- but that confidential information is now exposed to anyone who has or gains access to their personal email. Likewise, many employees today utilize Dropbox to share sensitive documents because it is a fast, simple solution. Unfortunately, it's not a secure solution. On a hardware level, employees may install personal routers to increase their own Wi-Fi speed, not realizing they have created an inherently insecure connection to the company's infrastructure.

Countering and Reacting to Rogue IT

Rogue IT must be managed through a three-pronged attack: better training, proactive measures, and more oversight. All employees should undergo regular security training and should understand the dangers of utilizing non-company resources. Proactive measures should be taken to solve employee IT issues from the top down, thereby making them less inclined to look for "outside the box solutions." Finally, more oversight is needed so that rogue IT can be better identified. Mobile device management solutions such as Cisco Meraki make it easier for an administrator to track potential issues before they become problems.

In the coming years, rogue IT will become an increasingly difficult to manage issues. Employees today are extremely familiar with a wide variety of applications and services that are all geared towards making their professional and personal lives easier. These solutions are loaded on everything they touch: their personal computers, laptops, tablets, and smartphones. The inclination to utilize these solutions will always be there unless IT provides a better answer. 

Topics: rouge it