Posted On: April 18, 2019
Topic: Cloud & Hosting Solutions
No doubt about it — if your company has employees, you have shadow IT. According to a survey conducted by Stratecast and Frost & Sullivan, 80% of employees say they use applications on the job that aren’t approved by IT.
Shadow IT raises security, integration and operational challenges. Companies have three paths to choose from when it comes to dealing with shadow IT — they can accept it, try to suppress it or ignore it. The last option may be the path of least resistance, but it can put the organization at tremendous risk. Ignoring shadow IT can threaten enterprise systems and data, and a security-conscious enterprise must have a plan for effectively dealing with shadow IT.
Defining Shadow IT
Shadow IT is an umbrella term referring to any technology, be it an application or device (smartphones, tablets, laptops, etc.), deployed within an organization without approval from the IT department. IT departments are often unaware that applications are being used by either individual employees or entire line-of-business units.
Most employees who adopt unsanctioned solutions do so with good intentions, not to undermine security, but to more effectively do their job. With the plethora of business and productivity applications available and the ease of installing these applications, shadow IT continues to propagate. Oftentimes, the process of seeking official IT approval for new applications is onerous and long, so employees take matters into their own hands. The cloud and mobile are large contributors to the shadow IT problem.
Common shadow IT examples include:
The Risks of Shadow IT
According to Cisco, 80% of end users use software not cleared by IT, 83% of IT staff admit to using unsanctioned software or services, and only 8% of all enterprises actually know the scope of shadow IT within their organization!
Shadow IT, without a doubt, adds risk to your organization, and your employees are your weak link. Michael Bruemmer, vice president of Experian Data Breach Resolution, explained, “As we have seen in our incident response service that we do for clients, about 80% of all the breaches we service have a root cause in some type of employee negligence.” When non-sanctioned applications and devices are in use, vulnerabilities can be introduced into the infrastructure, and without IT oversight, the root cause is very difficult to find. Some examples of the risks that shadow IT introduces include:
Managing Shadow IT
Organizations must place a high value on reining in shadow IT and work closely with lines of business to mitigate their risk. Suggestions include:
In the long run, CIOs need to develop comprehensive procedures for approving cloud applications that are fast and efficient so that employees will not need to go around the system in a rogue manner. When employees are given a choice on what devices and applications they can use, it improves productivity, drives innovation and increases morale. So, embrace shadow IT in a way that manages risk and keeps your organization safe and compliant. Read more in our Who Owns Cloud Security eBook.