
The new Rogue IT: A growing, invisible threat to your IT operations

Jan 27, 2016 · 3 mins
Cloud Computing, Cloud Security, Data Center

Meet the new rogue IT — a growing trend that may have already found its way into your organization.

Back in the day, “rogue IT” typically entailed departments building servers and putting them under their desks in an attempt to circumvent the IT department and all of the pesky security controls that came with IT-approved servers.

Often, those servers sat under a desk, inside a closet or back room — unpatched, unprotected, and non-compliant — for long stretches of time before finally being discovered. 

Those were the good ol’ days, compared to the new type of rogue IT that’s quickly spreading through today’s IT landscape. It’s invisible, nearly undetectable, and completely unacceptable, to say the least. 

The new rogue IT involves departments buying things online (think Amazon Web Services, Google Services, and Microsoft Azure), and setting up off-the-books IT operations outside of your organization’s boundaries. 

Take Joe, for example (not his real name, by the way). As the CIO of a large national corporation, Joe was recently asked when his organization would move to the cloud.

“The cloud’s not ready for us,” he explained. “It’s not compliant, we can’t protect our privacy, and the reporting, backup, and retention requirements just aren’t in place for us to do that yet.”

Imagine Joe’s surprise when told his organization was already spending $300,000 per month on Amazon Web Services.

That, my friend, is the new rogue IT.

And it’s actually worse than its earlier incarnations. When an unapproved server was sitting under a desk, for example, you could at least detect it at some point. It also sat behind your firewall, and had a bit of protection. But this? This new battlefield where rogue cloud operations live is the Wild, Wild West, my friends.

What to do? How can you possibly detect external cloud operations when conventional port and vulnerability scans on your network cannot?

One viable method is an effectively configured DLPEP (Data Loss Prevention/Data Exfiltration Prevention) system that monitors the edge of your network and also monitors data transfer activity at the host level.

A well-executed DLPEP system can enable you to detect data leaving outside of known channels, tipping you off to the possibility that other, invisible IT operations are at play.
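As an added illustration (not from the original article, and not any DLP product's own logic), the sketch below shows the edge-monitoring idea in its simplest form: total outbound bytes per workstation to cloud-provider endpoints and flag those that are not on an approved list. The log format, the `SANCTIONED` allow-list, the suffix list and the 10 MiB threshold are all assumptions, and the log lines are constructed sample data.

```python
from collections import defaultdict

# Illustrative suffixes for the providers the article names; extend for real use.
CLOUD_SUFFIXES = {
    "amazonaws.com": "Amazon Web Services",
    "googleapis.com": "Google",
    "core.windows.net": "Microsoft Azure",
}
# Hypothetical allow-list: cloud endpoints IT has approved (the "known channels").
SANCTIONED = {"example-backup.s3.amazonaws.com"}

# Constructed sample egress records: "timestamp src_host dest_host bytes_out"
SAMPLE_LOG = """\
2016-01-27T09:00:01Z ws-fin-04 example-backup.s3.amazonaws.com 52428800
2016-01-27T09:02:13Z ws-mkt-11 example-mkt.s3.amazonaws.com 734003200
2016-01-27T09:05:40Z ws-mkt-11 example-mkt.s3.amazonaws.com 314572800
2016-01-27T09:07:02Z ws-eng-02 www.example.org 20480
2016-01-27T09:09:55Z ws-hr-07 example-hr.blob.core.windows.net 1048576
malformed line
"""

def provider_for(host):
    """Return the provider name if host falls under a known cloud suffix."""
    host = host.lower().rstrip(".")
    for suffix, name in CLOUD_SUFFIXES.items():
        # Match on a label boundary so "notamazonaws.com" is not a hit.
        if host == suffix or host.endswith("." + suffix):
            return name
    return None

def unsanctioned_cloud_egress(log_text, min_bytes=10 * 1024 * 1024):
    """Sum bytes sent per (source, destination) to unapproved cloud endpoints."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records instead of failing the whole run
        _, src, dest, nbytes = parts
        dest = dest.lower().rstrip(".")
        provider = provider_for(dest)
        if provider and dest not in SANCTIONED:
            totals[(src, dest, provider)] += int(nbytes)
    findings = [(s, d, p, b) for (s, d, p), b in totals.items() if b >= min_bytes]
    return sorted(findings, key=lambda f: f[3], reverse=True)

if __name__ == "__main__":
    for src, dest, provider, total in unsanctioned_cloud_egress(SAMPLE_LOG):
        print(f"{src} -> {dest} ({provider}): {total / 2**20:.0f} MiB outside known channels")
```

Aggregating before applying the threshold matters: the two marketing uploads are each large, but many small transfers to the same unapproved endpoint would be caught the same way.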

One challenge, of course, is that most organizations don’t have this capability (it’s not even a federal requirement yet, unless you’re a bank).

DLPEP isn’t something data centers can provide, either. Rather, it must sit within the boundaries of your firewall so you can control and monitor everything passing through the firewall, as well as your workstations.

The new rogue IT is spreading quickly, with great potential to wreck the security and integrity of the data under your care.

With DLPEP as the only weapon in our arsenal that can spot and counter this new threat, no IT security program is complete without it.


Rich Banta, co-owner, is responsible for compliance and certifications, data center operations, information technology, and client concierge services at Lifeline Data Centers, a leader in data center compliance, excellence and innovation. Rich has an extensive background in server and network management, large scale wide-area networks, storage, business continuity, data center design and data center operations.

Rich is a former CTO of a major health care system, and he is hands-on every day in the data centers. He also holds many certifications, including: CISA - Certified Information Systems Auditor, CRISC - Certified in Risk & Information Systems Management, CDCE - Certified Data Center Expert, CDCDP - Certified Data Center Design Professional, and CTIA - Certified TIA-942 Auditor.

The opinions expressed in this blog are those of Rich Banta and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.