[BreachExchange] The rise of shadow IT: Why IT administrators face risk data loss

Audrey McNeil audrey at riskbasedsecurity.com
Fri May 27 14:29:28 EDT 2016


http://www.itproportal.com/2016/05/27/the-rise-of-shadow-it-why-it-administrators-face-risk-data-loss/

Two of the biggest drivers behind data loss and possible data security
challenges are technological progress and cost or resource restraints.
Organisations are struggling to effectively manage corporate data in light
of the rise of ‘shadow IT’, poorly implemented storage solutions and lack
of employee know-how, all of which can contribute significantly to data
loss. So what are the risks and how can IT departments mitigate against
them?

The rise of shadow IT

Organisations’ security policies are not keeping up with employee
technology use. Inexpensive data storage and an increasingly tech-savvy and
mobile workforce, mean that IT teams are struggling to manage shadow IT –
the IT systems and solutions built and used inside an organisation without
organisational knowledge or approval.

As employees take it upon themselves to store business data outside of the
corporate IT environment – on external hard drives, online email services,
or even an off-the-record departmental NAS system – potentially critical
data is not included in corporate backup and security practices, opening up
the possibility of data loss.

To counter this risk, organisations should audit the use of IT solutions
outside of company purview, maintain a register of all devices and external
hard disks being utilised, and ensure these are included in the company’s
security and backup protocols. Additionally, organisations can ensure that
their data security policy outlines the parameters around including or
excluding the use of external storage.

Poorly implemented server or storage solutions

Even the most advanced high-end storage solutions require human
intelligence to manage them, which at times can result in malfunction or
failure. While built-in recovery functionalities help protect against data
loss, we have seen a rise in data recovery cases where IT storage equipment
was not properly set up by a third-party service provider. This can lead to
data loss when the recovery or rebuild functions do not work as way they
should.

It’s important to ensure when selecting a third-party vendor that they are
recommended or certified by the storage manufacturer. As part of system set
up, it also helps to test to ensure the system is functioning properly,
including the restore functions, and make sure internal administrators are
fully trained on any new system requirements.

Knowledge gap

There is no doubt that managing today’s virtual IT environments and
hyper-converged storage systems is complex and requires a very deep
understanding of all the technologies behind these solutions. Small
missteps can also have disproportionately large consequences; accidentally
deleted data or disks removed in error can produce dangerous downstream
data loss effects. Due to time and cost constraints, many companies lack an
in-depth training program for their IT staff to fully understand and be
able to effectively manage system nuances and procedures.

Considering the potential financial business continuity costs associated
with enterprise data loss, companies should evaluate and invest in proper
training and development of IT administrators responsible for handling
server and storage systems storing sensitive and business critical data.

Top tips for success

In light of changing storage trends like shadow IT, today’s complex
environments demand that IT teams have a good understanding of all the
systems that support the business and the security protocols around the use
of company devices.

It’s equally important for IT departments to work with their legal and
information security teams to implement clear policies to manage data, and
to invest in properly training IT personnel to provide the best chance of
minimising data loss should an organisation experience a system challenge.

To ensure the best chance for an effective resolution, we recommend IT
departments adhere to these best practice processes:

Avoid panicking and rushing to action

If data loss happens, do not restore data to the source volume from backup
because this is where the data loss occurred in the first place. Do not
create new data on the source volume, as it could be corrupt or damaged.

Be confident in skills and knowledge

IT staff must help leadership avoid making decisions that do more harm than
good. When specifically faced with a possible data loss event, take the
volume offline quickly. Data is being overwritten at a rapid pace, and the
volume should not be formatted to resolve corruption.

Have a plan

Follow established ITIL processes and ensure data centre documentation is
complete and revisited often to ensure it is up to date. In particular, do
not run volume utilities (CHKDSK/FSCK) or update firmware during a data
loss event.

Know the environment (and the data)

Understand what the storage environments can handle and how quickly it can
recover. Know what data is critical or irreplaceable, whether it can be
re-entered or replaced, and the costs for getting that data up and running
to a point of satisfaction. Weigh the costs and risks when determining what
is most urgent – getting systems up and running quickly or protecting the
data that is there.

When in doubt, call a data recovery company

While the manufacture or vendor may be a good starting point, the value of
data and the potential for data loss when getting a system backup and
running may not be top of mind. Consult a reputable data recovery company
if concerns over data loss potential arise.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160527/bd1a96e3/attachment.html>


More information about the BreachExchange mailing list