Panel Discussion: Tackling the Shadow IT ChallengeWays to Mitigate Risks During COVID-19 Crisis
To deal with the problem of "shadow IT" during the COVID-19 pandemic, organizations should put in place redefined compliance and governance policies, take a multilayered security approach and adopt a security framework to prioritize risks, a panel of three experts advises.
Pankaj Dikshit, senior vice president, technology and risk, at Goods and Services Tax Network, which provides IT infrastructure and services to the central and state government and taxpayers, says the problem of shadow IT is more pronounced in newer organizations that lack proper governance structure.
"With mature organizations, we have a governance structure in place," he says in the panel discussion hosted by Information Security Media Group. "They are able to see this through and ensure that the policies which are already in place are implemented."
Uday Deshpande, CISO at the manufacturer L&T Global Group of Companies, says organizations can take several steps to detect shadow IT at the web layer, proxy layer or endpoint layer. "In every layer, you can have those monitoring and detecting technologies," he says.
S.V.Sunder Krishnan, chief risk officer at Reliance Nippon Life Insurance, notes that although businesses typically categorize risks as high, medium and low, "sometimes these medium and low risks can spring surprises."
In this video panel discussion, the three experts address:
- How enterprises need to tackle the "shadow IT" challenge;
- The need to re-define security and governance policies;
- Why monitoring and visibility into network traffic are critical.
Dikshit, senior VP-technology and risk, has led the digital transformation rollout at GSTN, which included the largest tax digitization, a project that needed a constitutional amendment by India's parliament.
Deshpande CISO at L&T, has more than 20 years of experience leading global information security programs, enterprise risk management, and compliance projects.
Krishnan chief risk officer at Reliance Nippon Life Insurance Co., is responsible for overseeing risk management, internal audit, and compliance functions.
Suparna Goswami, associate editor at ISMG, contributed to this report.