The use of rogue technology is becoming more prevalent in remote work environments, weakening cybersecurity.
Panelists speaking at GovCIO Media & Research’s CyberScape: Insider Threats event on March 2, 2023 in Tysons Corner, Virginia. Photo credit: GovCIO Media & Research
Shadow IT, or the use of technology without departmental approval, has long been a concern for technical teams, but remote work has exacerbated the problem, prompting organizations to quickly deploy new IT solutions to support their employees. forced to adopt.
High barriers to entry, slow acquisition processes, and inadequate technology solutions have led organizations to use Shadow IT, leading to data breaches, theft of sensitive information, loss of control over an organization’s technology environment, integration challenges, and high costs. be connected.
Korie Seville, technical director of the Defense Information Systems Agency’s Hosting and Computing Center, said Thursday at GovCIO Media & Research’s CyberScape: Insider Threats event. “But what we’ve learned is that when downrange, enterprise IT services don’t matter. I’m going to do whatever it takes to keep you alive.”
To efficiently support military operations at mission speed, DISA builds automation into its applications from the start.
“In the various wars we are fighting, we need to be able to consume and configure applications at any time of the day or night, which drives a lot of self-service automation,” said Seville. . “Everything we do and every system we create incorporates repeatable and auditable processes for deploying applications, deploying systems and infrastructure, and configuring those systems and infrastructure. , I’m trying to make it available.Starting from scratch.”
As shadow IT increases the attack surface, Kenneth Rogers, Director of Strategy, Planning and Budget at the State Department, said one of the biggest challenges is to make sure everyone knows that “cybersecurity is everyone’s job.” I believe that creating an environment where people can understand
“We are protecting our data and our systems, so we educate our user community to understand the importance and importance of protecting our data and systems,” Rogers said. said at the event. “These are high-value assets that we have…everyone’s passport and visa information is protected by the State Department. How well are we doing it? It’s not just a top-down thing. No. Bottom – it has to be a cultural thing.”
According to Scott Davis, CISO at Customs and Border Protection, balancing security risks with the need for functionality and then delivering that functionality to customers is another challenge that requires educating and changing organizational culture. is.
“It doesn’t matter if enterprise IT can get it when they’re in the downrange, they need it now,” Davis said at the event. “My boss, the CIO of CBP, asks me, including myself from a cyber perspective, to get to yes as soon as possible. Right now, yes is not exactly what users and customers want Maybe. We need to do the educational part so they understand why they don’t get X and that Y meets at least 80% of their needs or requirements.”
