It appears that Francis Maude, the Minister for the Cabinet Office in the United Kingdom government, is getting a little frustrated with the technological solutions available to him in Whitehall. So much so that he has “installed his own wi-fi”. In Whitehall. In his office. In government. Nothing to worry about there then…
The news is particularly ironic, coming on the same day that Mr. Maude’s department issues their press release relating to the “Radical overhaul for Whitehall security”. You don’t say!
While we might applaud Mr. Maude’s desire to get the job done, his willingness to endanger the security of the government network, systems and data is incredible. If he really has “installed his own wifi” as the story suggests, then that network segment will not be configured, managed or audited by security experts in Whitehall, rendering them blind to the risks it represents. It will almost certainly connect networks not designed to be connected, effectively punching a hole through numerous layers of security. It will allow access to those systems from unmanaged devices (phone and iPad) which reside outside of the corporate network, and it represents a massive security breach and a disaster waiting to happen. Quite aside from the worrying practical concerns, it will make compliance with almost any standard you care to mention extremely problematic, if not impossible.
The phenomenon is not new; it is called Shadow IT. Shadow systems grow up in the dark spaces under desks and in the cupboards and pockets of employees who are simply trying to get the job done, employees like Mr. Maude. In an effort to access, process or disseminate information quickly and effectively they will buy, install and use whatever technology works, very often congratulating themselves on their canny technology combinations and their wily ways around the system.
Shadow IT is the USB stick in your pocket, it’s the DSL link under your desk or the wireless access point in the cupboard. In the new paradigm of consumerisation and cloud the problem is exacerbated. Webmail becomes a covert channel, unmanaged file-synchronisation services a back door and virtual servers in someone else’s cloud often end up holding the crown jewels of the organisation outside every process and oversight of the business owner.
Very often, as is the case with Mr. Maude, it’s the BYOD aspect of consumerisation that is the prime mover of this illicit infrastructure in today’s enterprise. Francis Maude wants to be able to “use his phone and his iPad in his office” and the (hopefully) secure and managed systems are too “clunky” to allow him to do this. Perfect solution? Throw an unmanaged wireless network in there to bridge the technology gap, not.
Consumerisation, along with Cloud and Cyber-attacks, is one of the three biggest challenges faced by organisations today. The challenges they represent are not insurmountable, but actions like those of Mr. Maude demonstrate, yet again, that it’s not only the bad guys you have to worry about.