Back in the day, "rogue IT" typically entailed departments building servers and putting them under their desks in an attempt to circumvent the IT department and all of the pesky security controls that came with IT-approved servers.\nOften, those servers sat under a desk, inside a closet or back room \u2014 unpatched, unprotected, and non-compliant \u2014 for long stretches of time before finally being discovered.\u00a0\nThose were the good ol' days, compared to the new type of rogue IT that's quickly spreading through today's IT landscape. It's invisible, nearly undetectable, and completely unacceptable, to say the least.\u00a0\nThe new rogue IT involves departments buying things online (think Amazon Web Services, Google Services, and Microsoft Azure), and setting up off-the-books IT operations outside of your organization's boundaries.\u00a0\nTake Joe, for example (not his real name, by the way). As the CIO of a large national corporation, Joe was recently asked when his organization would move to the cloud.\n"The cloud's not ready for us," he explained. "It's not compliant, we can't protect our privacy, and the reporting, backup, and retention requirements just aren't in place for us to do that yet."\nImagine Joe's surprise when told his organization was already spending $300,000 per month on Amazon Web Services.\nThat, my friend, is the new rogue IT.\nAnd it's actually worse than its earlier incarnations. When an unapproved server was sitting under a desk, for example, you could at least detect it at some point. It also sat behind your firewall, and had a bit of protection. But this? This new battlefield where rogue cloud operations live is the Wild, Wild West, my friends.\nWhat to do? How can you possibly detect external, cloud operations when conventional port and vulnerability scans on your network cannot?\u00a0\nOne viable method is an effectively configured DLPEP (Data Loss Prevention\/Data Exfiltration Prevention) system that monitors the edge\/boundaries of your network and monitors data transfer activity at the host level as well.\nA well-executed DLP\/DEP system can enable you to detect data leaving outside of known channels, tipping you off to the possibility that other, invisible IT operations are at play.\u00a0\nOne challenge, of course, is that most organizations don't have this capability (it's not even a federal requirement yet, unless you're a bank).\nDLPEP isn't something data centers can provide, either. Rather, it must be within the boundaries of your firewall so you can control and monitor everything passing through the firewall, as well as workstations.\nThe new rogue IT is spreading quickly, with great potential to wreck the security and integrity of the data under your care.\nWith DLPEP as the only weapon in our arsenal that can spot and counter this new threat, no IT security program is complete without it.