The applications and technology that your employees use to make them more productive could be putting your organization in a risky position. It’s hard to believe that something that enhances productivity could do this, but it’s an unfortunate truth. And it all stems from the technology that they are using. But, it’s not the technology that your internal or outsourced IT department issued and authorized. It’s the technology that was secured or downloaded without the IT department’s knowledge. It’s called Shadow IT.
What Is Shadow IT?
Shadow IT is any type of information technology (IT) service, application, hardware, or software that is procured and managed without the knowledge of the IT department. In other words, it’s that application that an employee downloaded without going through IT first. And, this type of “going around the back” of the IT department to procure technology is happening more than you might think. According to research by Everest Group, 50% of IT spending in large enterprises is Shadow IT. That is a large percentage! And it could cost your company dearly.
Why Is Shadow IT Concerning?
But, what’s the big deal? Well, to start, the downloaded technology or application may not be a secure technology. It may come with inconsistent or insufficient security controls. Or, it may come with risks that businesses may not even be aware of. In fact, this technology that was downloaded without the knowledge of the IT department may have just created a security gap – and your IT department, the department responsible for ensuring security and compliance, doesn’t even know about it. Yep, jaws should be dropping right about now.
Why Is Shadow IT Happening?
A lot of this comes down to productivity. If there is an application or service that makes an employee more productive, it becomes an attractive tool. Add in the fact that downloading and installing applications and technology is pretty darn easy, and you get the right environment for the Shadow IT.
The other component is the ease of use. Employees that download applications for work use, likely know how to use them already or the applications are intentionally easy to use, which means the employee learns them quickly.
And, let’s face it, unless you are in the field of IT or read the Intivix blog regularly, security may not be top of mind for all employees within a company. Productivity and ease of use, however, are top of mind.
What Are The Real Concerns With Shadow IT?
Here’s where we get to the scary part. Typical downloaded Shadow IT includes things like file sharing and storage applications, collaboration tools or adding social media accounts to devices. This may sound harmless, but these all create opportunities for hackers to steal information or create an in-road for infiltrating the company
If sensitive/confidential data or information is stored on a file-sharing or storage application that is not properly secured, that data and information could be hacked, stolen or leaked. And, hackers love to use social engineering hacks to gain access to social media accounts. Once in, they can deploy malware to gain access to the business, which is possible since the social media accounts have been downloaded to a business device (without the knowledge of IT).
Just how concerned should we be about this? Well, according to Gartner, one-third of successful attacks experienced in 2020 will be on Shadow IT resources. That can really take a toll on the company.
What Can Be Done To Slow Shadow IT?
The first part is recognizing that Shadow IT is happening. According to Cisco Cloud Consumption, on average, large enterprises use over 1,200 cloud services, and over 98% of them are Shadow IT. Regardless of your business size, this percentage should be startling.
Now that you are on-board with the fact that Shadow IT is happening, it’s time for education. Non-IT employees may not know the risks involved with Shadow IT applications and technologies. They might not even know that they shouldn’t be downloading tools without IT’s knowledge. So, start with education. Explain what Shadow IT is, the security dangers, and why you need the support of all employees to help plug the security gap. This topic could be woven into your regular cybersecurity training.
In addition to education, ask employees to collaborate with the internal IT department or outsourced IT department on the applications and technology that they believe makes them more productive. Given time, these tools can be investigated to determine if they are secure and deploy those that are enterprise-ready. Or, IT may be able to identify an alternate tool that is secure that meets the needs of employees.
Beyond that, IT and business leaders need to bridge the gap when it comes to technology needs, applications and user productivity. The involvement of IT will help safeguard the company and lessen its risk and exposure. At the same time, IT should endeavor to enable productivity tools that drive innovation and efficiencies for team members.
Your company may not be able to completely eradicate Shadow IT but reducing its prevalence will go a long way towards protecting your company, your employees and customers/clients. Start the conversation with employees and strive for collaboration with them – closing as many security gaps as possible is a benefit for everyone within the company.