“I am only trying to do my job more efficiently,” you reason – “How far wrong could I go?”
And so the slippery slope down the life of rogue IT begins – downloading unauthorized apps; using Dropbox, Google Docs, or any other SaaS; the consequences of which are document leakages, lost business and financial penalties. A recent survey found 27% of workers who went rogue reported immediate and dire consequences, including sharing valuable information with a competitor, to lawsuits that resulted in financial penalties (United Sample, 2013).
With employees relying on their personal smartphones and cloud apps to get anywhere, anytime access to company systems and data, they no longer see the need for the IT middleman. They want consumer-grade tools – all the time. As business users increasingly place ease-of-use above security, harmon.ie, along with a distinguished panel of mobile enterprise solution experts including Benjamin Robbins, Bob Egan, Christian Buckley, Maribel Lopez, Michael Krigsman and Nicholas McQuire, saw the need to highlight the broad impact of rogue IT in the consumerized enterprise. To do so, we held a “horror story” contest, where the stories submitted uncover outstanding exploits perpetrated by employees who have broken the rules by using unapproved tech for good or bad…and lived to talk about it. The three anonymous winners announced below each walk away with a Samsung Galaxy S IV. Before diving in, we wanted to give a big shout-out to the panel of leading analysts, consultants and technology providers listed above; read more about our expert judges here.
First place in the rogue Hall of Shame goes to a new MacBook owner, who frustrated by the lack of Wi-Fi in his office, invested in a wireless router. The router was so simple to setup – it did not require configuration of wireless or security settings! All was fine, until a few days later, the executive noticed his internet was running slower than usual. Thinking it was just his ISP he ignored it, but after a few days with no improvement he called in a security expert to assess the situation. The expert discovered that someone was sitting in on the local network and had captured, or “sniffed”, all of the wireless traffic from the portable router – including all the passwords to the company’s accounting and file server, which were being sent to a server in Asia! There was no trail, and to this day our executive isn’t sure what was taken or by whom.
“Users want to work in their own ways, including the CEO,” advises judge Nick McQuire, CEO at The Global Enterprise Mobility Alliance (GEMA). “Something as harmless as wanting to work wirelessly in the office via a single Wi-Fi router can have such drastic repercussions. This simple story stands out because everyone will identify with this and shiver in fear as it pertains to their business and personal contexts.”
Second place goes to two doctors, who left their positions with a hospital, yet continued to book their travel and vacation plans through the hospital’s travel service. This rogue behavior was made possible because the hospital had recently switched their apps to the cloud and had moved all personal information management systems to Google Apps. While their Google credentials were shut down, Active Directory didn’t have any policies to de-provision the other applications. It took two or three quarters before the CFO discovered the departing doctors’ rogue purchases!
Third place is awarded to the security team of a large nonprofit that anonymously called up Dropbox to investigate recent hackings and rumors of rogue IT use. The team was alarmed to discover that Dropbox had a list of 1600 user names and email addresses of rogue IT users in its company.
Lastly, an honorable mention goes to a small rogue IT group, working in a biotech company. Feeling neglected by IT, this group one day decided to install and turn on an accelerator card in each of two buildings’ Catalyst 4500 series switches. After reports of file shares missing, and interrupted internet access, the IT folks spent hours troubleshooting individual network connections and looking for viruses. Eventually one of the network guys realized the “accelerator” cards had been added to the Cisco Catalyst switches in the building and they started honing in on the problem. Unplugging the cards instantly solved the issue, but not before employees missed a full day of work and critical data was lost.
For the full winners stories click here. Congratulations to our winners, and thank you to all who submitted stories!
What can we learn from these stories?
The problem with rogue IT is that it is readily available and it represents an insanely easy solution for employees, who don’t always consider the consequences. Rogue behavior is costing US organizations $2B a year to clean up (according to a recent survey conducted of 500 businesses by uSamp - United Sampling).
If your organization is not providing secure, timely alternatives that are as simple to use as what business consumers can find elsewhere – you are at a serious risk of rogue IT. For instances, if your organization already uses SharePoint, it is worthwhile to ensure your employees are securely using it across all platforms, including mobile devices. Learn more about how to provide easy to use mobile access to SharePoint here.
For those just catching up on these stories: how has #RogueIT impacted your organization, and what have you done to prevent it? The contest is over, but we’d love to continue the conversation in the comments below or on Twitter.