We’ve talked about the issues with Shadow IT before, and although they may seem small at first, they’re nothing to scoff at. An organization might not take issue with its employees finding workarounds to achieve a task or expedite their processes. But at what cost? Doing that work outside the confines of a secure infrastructure can actually pose quite a threat to your data.
What Is Shadow IT?
“Shadow IT” sounds quite nefarious, conjuring images of criminals hiding in the shadows and lurking about (and wielding laptops). That image may seem scary to you, and while the imagery is not a literal interpretation of the risk, it is in many respects an effective one. Overall, Shadow IT is a big topic that can be boiled down to this main point: Shadow IT exists anytime someone outside of the IT department is performing IT tasks. However, for the sake of keeping this discussion small, we're going to focus on one very common component, which is the nature of sharing corporate file data.
As we mentioned, there are times when users are trying to find a workaround to complete a task and so they employ a means other than what’s explicitly allowed by their organization. Common examples of this include:
- users sending files to their personal email accounts
- departments maintaining files in a third-party cloud storage account (such as Dropbox or Google Drive) as opposed to on the server
One of the biggest issues with Shadow IT is that often users don’t realize they’re doing anything wrong. They assume that since they’re able to access Dropbox or Google Drive on the organization’s network that it must be okay to use - or at least not entirely frowned upon.
Why Is This Dangerous?
Unless you’ve implemented a Digital Rights Management (DRM) solution, when data leaves the confines of an organization’s infrastructure, all bets are off. Granted, it’s unlikely that your employees are planning to do anything bad with the information, but the data is at risk when it’s out in the wild. A file with confidential information that’s sent to a personal account could be accessed by people who were never meant to see it. Even a password-protected file is not safe, because the technology to break into these files is readily available and, unfortunately, effective. Loss of data could also violate agreements with clients or vendors or, worse, could violate compliance or regulatory requirements. Another concern is that circumventing the system in place means there’s no way to officially oversee what’s happening, and since all of this is happening in the shadows, there is no simple way to identify whether it is happening right now.
How Can You Avoid It?
To avoid Shadow IT issues that could crop up and put your larger data security plans at risk, the first step is to take a high-level view of the information your teams need to fully do their jobs, and of their access privileges. If it’s quite common for your marketing department to do work off-site or share work with outside vendors, but they can only get to that information from their company-issued desktop computer, you can bet they’re going to figure out a way to make things work.
Shadow IT is caused by people trying to find easier ways to do their job. Within the narrow scope discussed here, avoiding Shadow IT takes a combination of things:
- Speak with your users regularly and understand their requirements and their pain points
- Implement secure solutions that ensure that they are able to do their work in the manner that they need to, while also maintaining security
- Implement a DRM solution
- Have strong employment and acceptable use agreements with teeth: ones that clearly state the consequences, such as “people found implementing or using non-corporate systems will be terminated or held liable for any loss of data or business as a result of their actions”