Running an IT department is challenging. That much is obvious. Yet, as technology continues to advance and businesses rely on more and more IT resources, the job can become increasingly complex.
This point has only been highlighted by the recent mainstream adoption of cloud-based services and applications. While cloud computing has had a significant positive impact on organisations' general productivity and efficiency, it has also resulted in the rise of shadow IT.
Shadow IT - What is it?
In general, shadow IT is in reference to IT systems, software, applications, services, and devices that employees use without the knowledge or approval of the IT department. While it has always been around in some form, shadow IT has been brought to the forefront due to cloud technology and the increase of consumer applications on the market.
According to a survey conducted by Cisco,
IT departments estimate their companies are using an average of 51 cloud services, when the reality is that 730 cloud services are being used. Year on year, it's estimated this
challenge is only going to grow.
Below are a few examples of how shadow IT can occur:
- Employees using a cloud file store like Dropbox to share files with suppliers, customers, and other workers.
- Employees using a personal Zoom account for a conference call with clients.
- A worker uses online apps from their former job rather than the tools provided by their current employer.
As these examples underline, various systems fall outside the control of any IT department. With so many possible vulnerabilities open to be exploited, the surface attack increases for each business.
The result? A greater possibility of sensitive data being leaked and into the hands of cybercriminals.
Why do Employees use Shadow IT?
One of the primary reasons employees use shadow IT is that it allows them to work more efficiently. It provides a quick workaround, allowing them to complete their tasks quickly without waiting on their organisation's stringent security policies to be approved.
An employee could download an application they think is better than the one officially permitted, and the usage of this unofficial app might spread across the department once word got out about its "effectiveness".
The nature of cloud-based consumer applications has also led to the growth in shadow IT adoption. No longer do workers have to be confined to packaged software. Applications like Google Drive and Slack are available with a few clicks.
Another point to consider is that work often goes beyond using equipment provided by an employer. Are organisations telling employees "Bring Your Own Device" with strict access to business resources, or are employees just quietly "Using their own Devices" unbeknownst to the department? As employees engage with their own personal devices such as laptops and smartphones to complete their work, this can increase the chance of them also using their preferred software and applications.
Understanding the Benefits of Shadow IT
How to Take Control and Manage Shadow IT
Understand what's happening: You first need to know what shadow IT is being used and by who. Conduct an internal review and audit any external devices (laptops, smartphones, tablets, etc.) your employees use for work.
Evaluate the situation: Always prioritise risk when doing this – you want to get rid of the biggest problems ASAP. Any apps breaking regulation or pose a danger? Shut them down immediately.
Maintain relationships: Employees use shadow IT for a reason. When you take this away, it could cause friction between them and your IT department. As a result, ensure you manage relationships to try and keep everyone happy.
Clear policies: To help prevent shadow IT occurring in the future, it makes sense to develop clear policies for your employees to follow and encourage them to go to IT when they want to request a new application. It’s crucial that you keep the communication between IT and the rest of the organisation open.
Embrace End-user Innovation: Your end-users may have adopted a practical solution that helps them get the job done more efficiently. Provided it meets the appropriate security and governance requirements, could it be adopted to bring wider benefits to the organisation?
Continual management: The work isn't done. You have to continually monitor and evaluate what's going on within your network. An employee may go rogue or forget about your policies, so regular management is required.
Conclusion
Shadow IT presents an obvious security risk, and while organisations should certainly place a high value on reigning in this practice, you need to develop comprehensive procedures for approving cloud applications that are fast and efficient. Create some room for compromise so your employees don't deviate from the required policies put in place to protect your organisation and its data.
With clear communication and the right security measures in place, your organisation could benefit from understanding how users have been working in a more agile and efficient way.
Altiatech provides
cloud consulting services
designed to help map out the best route for your organisation. Ensuring seamless management of your cloud infrastructure, security and governance.
If you would like advice or guidance on where security risks may lie within your organisation,
contact Altiatech for a free consultation.
