"NCSC Publishes New Guidance on Shadow IT"

The UK’s leading cybersecurity agency NCSC has released new guidance for system owners and technical staff on managing shadow IT in their organization.  Shadow IT refers to the devices and services employees use for work without the IT department knowing.  They could include smart devices, servers, virtual machines, cloud storage, and unapproved messaging or collaboration tools.  The NCSC stated that since these are not accounted for by asset management nor aligned with corporate IT processes or policy, they’re a risk to organizations.  NCSC argued that given the potentially serious repercussions of shadow IT, technical teams should focus on finding where it exists in the organization and address the underlying causes of it.  The NCSC shared both organizational mitigations and technical solutions to the shadow IT challenge.  The latter includes network access controls, asset management, network scanners, unified endpoint management, and Cloud Access Security Broker (CASB) tools.

Infosecurity reports: "NCSC Publishes New Guidance on Shadow IT"