IT security departments need to improve their relationships with their users by going out and talking to them, Red Hat's security strategist Josh Bressers has advised.
Bressers warned that in order to stop the spread of 'shadow IT' within the enterprise, security professionals need to make a bigger effort to understand staff in other departments, warning that "we don't listen very well".
Shadow IT has become an increasing problem for corporate IT managers, as employees use non-approved tools and technologies at work, rather than the systems provided by the in-house team.
"Security is often seen as the industry of 'no'," Bressers said. "We're reaching a point where people are running their own shadow IT, they're spinning up their own internal services. In some cases, they're downloading open source without telling anyone and putting it into their products because it solves their problems."
Part of this, he said, is the ongoing communication problem that enterprise IT suffers from. When employees feel like IT ignores their needs or hampers their progress, they often simply ignore it. "They have a job to do, they want to get their job done," Bressers said, "and if you're in the way, they'll just go round you."
He added that in order to stop users circumventing the IT department, security staff need to become more receptive to the needs of their users. "It's time for the security folks - people like me - to really make a point of working with these organisations," he said.
"Once you understand what people are trying to do, and the problems they're trying to solve, it changes a lot of things."
-
'Digital hide-and-seek': Workers are wasting hundreds of hours a year sourcing the information they need to carry out their roleNews Knowledge workers globally are wasting a quarter of their working week tracking down information, new research from Atlassian has revealed.
-
Untethered: How CIOs and CISOs are paving the way for the new hybrid workforceWhitepaper Effective techniques to transition from exposed legacy infrastructure to an effective zero trust strategy
-
Unlocking the power of your digital servicesSponsored Businesses have invested significant cash into technology since COVID-19, but are they really getting their money's worth?
-
Delivering fast and secure digital experiences for the modern hybrid workforceWhitepaper A new approach to digital experience monitoring that can monitor the health of all systems
-
Collaboration is the glue that holds your business togetherSPONSORED A combination of productivity tools and cloud telephony can enable the best from your workforce
-
The future of work and the forgotten workforcewhitepaper How to deploy a mobile-first strategy so no one gets left behind
-
The case for an accelerated device refresh cycleWhitepaper Achieving a more cost-effective device lifecycle overall
-
Employees are choosing how they workWhitepaper And with the right secure digital strategy, this could be a great thing for your business: today and far into the future
