Canadian Cybersecurity Community


What are Shadow IDs? JPMorgan Fined $200M for employees using non-sanctioned applications for communicating about financial strategy

  • 1.  What are Shadow IDs? JPMorgan Fined $200M for employees using non-sanctioned applications for communicating about financial strategy

    Posted 06-27-2022 09:46
    This is a great article that discusses the importance of understanding Shadow IDs and how detrimental they can be to a business. Admittedly, I had never heard the term before (but do understand what Shadow IT is). The best scenario I can describe is: a few employees of an organization spin up their own Discord server or separate, standalone Slack instance to discuss work-related issues, circumventing the approved communication methods.

    Shadow IDs have large implications for companies trying to manage and reduce their risk around IAM and PAM, and Digital Identity as a whole. 

    Does anyone have any experience in dealing with Shadow IDs and what they've done to mitigate the risk?

    https://thehackernews.com/2022/06/what-are-shadow-ids-and-how-are-they.html

    ------------------------------
    Dylan D'Silva
    Security Researcher

    ------------------------------


  • 2.  RE: What are Shadow IDs? JPMorgan Fined $200M for employees using non-sanctioned applications for communicating about financial strategy

    Posted 06-28-2022 09:57
    Note that the fine was over how the Shadow IDs were used, not for the existence of them.

    We have to be very careful of corporate overreach in these instances, as it is possible that an intervention could be overstepping employee rights. I can imagine that if the employees in question were not involved in any illegal financial activity but instead were organizing a union, however unlikely that may be, a company attempting to shut that down could be opening the possibility of a lawsuit. Likewise, if it was just chit-chat, the company could be violating freedom of speech rights.

    In any case, there should be clarity to employees over what is or isn't permitted, and managers should seek legal counsel before implementing such policies.

    ------------------------------
    Jay Bodkin
    Co-Founder
    SDA Academy Inc
    ------------------------------