Shadow IT refers to the practice of using software and other systems outside of, and without the knowledge of, the IT department or management. As the use of cloud applications has grown exponentially, so has Shadow IT.
Employees now have the ability to bypass IT with software that’s available for a low monthly fee – or for free – with the click of a button. The driving force behind Shadow IT differs from organization to organization. Sometimes employees believe it improves efficiency; they believe they need these tools to do their jobs. Sometimes employees “prefer” a different tool than what is approved. Other times, not involving IT or management is seen as a way to drive down costs in a department. Or sometimes people simply grow impatient waiting on a corporate-wide solution to materialize. Whatever the reason for the existence of Shadow IT, it brings significant risks.
Hundreds/thousands/tens of … these applications are available for use at any typical business. They represent a security gap, as they are not “vetted” for the company. Although some applications are harmless, others include functionality such as file sharing and storage, or collaboration, which can present big risks to an organization, especially if these applications contain sensitive data. For example, employees might place a client file on their personal Google Drive to work on it over the weekend.
Their own personal Gmail account might not have the same level of security as other approved apps. If a security breach occurs, your IT team won’t be aware of the full potential scope of the threat, leaving the company unsure of what data is compromised and exactly when it happened, which it needs to know to remedy the breach. The same goes for accessing personal email on a company device. Breaches into the company network happen through personal email more than you know.
Requirements for data compliance are becoming increasingly strict. No matter the organization, regulatory compliance is becoming critical. There are numerous standards that businesses need to comply with – from PCI to industry-specific regulations like HIPAA – and the use of Shadow IT can potentially lead to fines for violating these compliance requirements. Unregulated public clouds make it impossible for companies to prove compliance with these regulatory requirements.
There are also other issues, such as duplicate apps. There might be different email, file sharing, sales and marketing automation, project collaboration, messaging, and other cloud capabilities in use. It’s easiest to illustrate the cost of this with an example. Let’s say your organization has 50 employees. 25 use Microsoft Teams because it comes with Office 365, and 25 use Zoom, which is $15/user/month. That’s $4,500 per year for 25 people to use their preferred internal communications tool. Also, many of these cloud apps have a low monthly fee per user, so everyone forgets to drop accounts when they are no longer needed, and the company ends up spending money on unused software.
Consider how quickly processes can fall apart when the IT staff is dealing with requests to fix problems resulting from Shadow IT. For example, this happens when an employee needs to give IT personnel admin access to an unauthorized application. We also have had instances where someone brings in their own WiFi router and plugs it in, trying to get “faster” internet to their laptop. Not only does this open a security hole in the company’s network, but it can also bring the network to a crawl, as the personal hardware competes with the already approved and installed company hardware.
Uncover Shadow IT
Managing Shadow IT is all about discovering the different applications and hardware your employees use. You need to bring these applications and hardware out of the shadows, to help you be more secure, more productive, and more profitable. Give us a call, we can help! (406) 443-8386