Management / #TEISS15: How to control shadow IT initiatives

#TEISS15: How to control shadow IT initiatives

What do Igloos and the networks have in common? Patrick Grillo, senior director of solutions marketing at Fortinet, says “they both have hardened parameters, but are soft and gooey on the inside".


The theme for Grillo’s speech at The European Information Security Summit 2015 was not about igloos, rather how to control the growth of shadow IT initiatives. But if an organisation has a lot of unauthorised IT in its network it will weaken the inside of its perimeters.

Although users believe they are using secure services which require them to put in usernames and passwords to access, recent data breaches have shown that there are risks.

Grillo said: “There needs to be awareness of using shared services and security consequences.”

According to Grillo, the number of applications people use over the internet has grown, but most of these applications use the same set of characteristics. IT departments need to go deeper into the package and recognise one application from another and block them.

Firms need to balance freedom and security, Grillo said. They must manage users’ expectations and have a process in place for vetting services that users want access to.

Click to view Patrick Grillo’s TEISS 2015 presentation slides.

Catch up on the rest of our coverage of The European Information Security Summit 2015.