By Greg Keller Posted September 24, 2015
There are a number of reasons why shadow IT is dangerous. Sprawl of servers is dangerous, too. That’s because there are significant risks to an organization with uncontrolled growth of IT infrastructure and resources. The main risks include security instability and vulnerability, a lack of compliance, and cost. While shadow IT and server sprawl are disconcerting, it’s equally important for IT admins to get a handle on identify sprawl, because it puts your company at great risk.
Due to the cloud, web applications, and SaaS-based services, a user’s identity is their ticket to accessing everything they need online. For organizations, this can be daunting to control and manage. Most companies don’t have a central directory service that connects to everything that a user needs. Historically, Microsoft® Active Directory® and OpenLDAP™ were the directory services of choice. Active Directory would connect users to the Microsoft devices and applications that they needed, and OpenLDAP would handle access to more technical platforms, such as Linux devices and Unix-based applications.
As both organizations and individuals alike have increased the number of cloud services used, on-premises directories are unable to fully control user access. The result? Users are creating new identities on cloud platforms; for example, to access AWS® cloud servers, login to SaaS-based applications like Salesforce, and access their personal web applications, including social applications like LinkedIn and Twitter.
IT organizations should care if a user has multiple identities to access for three critical reasons: control, security, and visibility.
If IT admins don’t have complete control over all of the applications and devices a user uses, then they are unable to control that resource on behalf of the company. For instance, when an employee leaves the company and is the only one with access to a key IT service, the company has unfortunately lost control. And a loss of control is a major IT risk. Whether it was a project management solution, a billing platform, or financial system, the IT admin now has to track down the employee and ask for those credentials. In most cases, this is a hassle; but is some cases, this is a significant risk issue. If the employee is uncooperative or cannot be reached, how is the company going to access its information? IT must have central control over all its resources, regardless of what they are.
With the number of security breaches escalating dramatically, IT organizations want to limit their exposure. The number one culprit of being compromised is a loss of credentials. For example: when an employee’s account is hacked on a site that they access using the same credentials they use internally at your organization, you are now exposed and hackers could have access to your corporate systems. This has happened in the past and will continue to happen unless IT admins enforce strong identity controls that include strict password requirements, multi-factor access on devices and applications, and consistent training to teach employees to use separate passwords per service, in the absence of a password manager.
If IT doesn’t know about an application or service, they can’t connect it back to a corporate directory. If the directory service has limited protocol support, then there will be, by definition, multiple directories, which increases risk. Another way to ensure visibility is for IT to be, culturally speaking, accepting of new applications and services that their users want. By doing so, this acceptance will eliminate Shadow IT and bring potentially problematic IT resources into systems adherence . If employees get the applications they want and follow protocols, they are less likely to sign up for or use a service the IT team doesn’t know about, which ensures there is visibility into everything.
Just as server sprawl and Shadow IT can hurt a company, identity sprawl can, too. Identity sprawl is a major risk for organizations today, especially companies leveraging the cloud. The good news is that there are two straightforward and cost-effective ways for IT admins to mitigate the risk of identity sprawl.
- Choose a central directory service — this will allow access control to every platform, IT application, or service used by the business. How to achieve this: find a flexible directory service that leverages multiple protocols and can manage both on-premises and cloud-based services.
- Create a culture of understanding — everyone on the team should understand the risks of compromised identities. Identity theft is a common financial services topic, so leverage that understanding when relating to corporate identities. This way, everyone on the team is invested in eliminating iIdentity sprawl and keeping the company secure. Additionally, IT being open to new and innovative technologies will help reduce the chances of Shadow IT taking hold . Creating a culture of understanding is a significant benefit to organizations.
If you would like to learn more about how JumpCloud® Directory-as-a-Service® can help eliminate identity sprawl, drop us a note. We’d be happy to talk to you about it further.