Shadow IT. It sounds nefarious. Creepy. Foreboding. Thankfully, in most cases it isn’t nearly as scary as it sounds, although if things get out of hand there can be some frightening consequences. However, it is something that every organization needs to be aware of, and most are in fact already dealing with it without knowing it.
What Is Shadow IT?
Shadow IT is a phenomenon that many IT departments are facing today. Essentially, as more apps and services hit the cloud and become accessible to pretty much anyone with an email address, workers and department heads are taking it upon themselves to use them to create their own little IT departments by deploying unsanctioned software. Now, in and of itself, this doesn’t sound terrible. After all, if using a free, cloud-based project management or communication tool makes a department or employee more efficient, what’s the harm?
What’s the Harm of Shadow IT?
The harm lies in the fact that these are unregulated services that could potentially access your sensitive company data. If your team is sharing work via Dropbox or attaching files to tasks in Asana, for example, the work that would usually remain behind the company’s firewall, safe from theft, is now living in the cloud. It could also mean that information that may typically only be available while connected to the company’s network, either in-house or via VPN, is now accessible anywhere, at any time, so long as there’s an active Internet connection.
According to a report by Gartner, up to one-third of all data breaches will be due to Shadow IT by 2020. The report also states that “large companies use over 1,200 cloud services - over 98% of them are Shadow IT.” Whoa. That’s a lot of unregulated usage and data flying around unrestricted.
How to Rein It In
To begin reining in Shadow IT, it’s important to first consider what’s led to its use in the first place. As reported by CIO, an employee isn’t going to circumvent processes and applications that are in place if they’re adequately meeting their needs. In most cases, employees are looking to use cloud-based applications because the tools provided to them are slowing them down or they don’t have the tools they need readily at their disposal. They’re trying to be more efficient - and that’s good for business! What isn’t good for business is doing it in a way that could pose a security threat. By figuring out why the employee is using the app, a business decision can be made as to whether to allow its use and put the proper security parameters in place or block access to it entirely.
In many cases, it’s also good to look at whether the program actually poses a security risk. For example, if your team is using Asana to track tasks but they aren’t uploading any files to it, then it may be worth it to just continue to allow them to use the tool. You could ask that managers be added to the group to maintain compliance oversight and keep an eye on any potential security risks. At the end of the day, if an in-house or previously approved tool isn’t available, shutting down one option could just lead to another option popping up in its place.
Finally, one of the most important things your organization can do to rein in Shadow IT is to educate employees as to why it poses a threat in the first place. For the most part, employees probably aren’t considering the business and security side of things when they decide to set up a Slack channel - they’re just trying to find a quicker way to do what they need to do. By explaining to them that there are risks associated with putting information into the cloud that really shouldn’t be there, you’ll have a better chance at reining things in or, at the very least, getting a heads-up when a team would like to use a new tool.