Many public employees use unsanctioned software on work computers. It poses serious security risks
By Tod Newcombe | Governing
Michael Roling, Missouri’s chief information security officer (CISO), knew that some of the state’s 40,000 employees were using unapproved software they had downloaded from the cloud to their work computers and devices. But when his team ran a special software tool to figure out how extensive the practice was, they were surprised to learn that more than 2,500 unknown software programs or services were operating throughout the state’s IT network. “It was definitely an eye-opener,” Roling says. “We guessed we had some problems, but it turned out the number was far greater than what we could imagine.”
Roling isn’t the only IT official to miscalculate the size and scope of the problem. CISOs routinely underestimate the number of unsanctioned software programs that workers are using. A report from SkyHigh Networks, a software security firm, found that the typical public-sector organization uses nearly 750 cloud services — 10 times the number IT departments expect to find.
“Individuals and companies are not the only ones rightfully concerned about data breaches. Government agencies are also being more vigilant in their efforts to prevent such breaches in ways we should all take note of. With a world of information at our fingertips, it has become easy to forget that an innocent download can result in breaches in cyber security.”