All too often, businesses discover that their IT personnel are completely in the dark about the technology being used within their organizations. Employees and departments are taking it upon themselves to deploy their own software, systems and fixes, bypassing official IT resources in the process. With new cloud computing and mobile IT technologies deploying at a rapid rate while bring-your-own-device (BYOD) practices continue to flourish, IT departments are finding it harder to control their organizations’ technology decisions.
What exactly is shadow IT, and why is it so prevalent?
Shadow IT is defined as any IT solution or system that is built or integrated by a company’s users without the approval of the official IT department or head. It can also be known as “stealth IT.” Some examples of shadow IT usage would be an employee setting up free anti-virus software on his laptop, a worker loading company information into a personal Dropbox or other file-share account, or someone bringing a personal device into the corporate network that hasn’t been properly screened.
It is important for business owners to focus on evaluating why shadow IT is growing within their organizations and create plans to solve those weaknesses. Typically, shadow IT starts to develop from a lack of dedicated IT resources or from issues associated with IT staff (whether in-house or outsourced) struggling to keep up with employee demand for new technology. This trouble is usually a result of the staff being overloaded, or the review process for adopting and implementing new software being too lengthy.
What are the risks to my business?
Shadow IT can be very risky for businesses because the hardware and software introduced by users are not held to the same security measures as approved line-of-business applications in terms of control, documentation and reliability. On top of that, extra technologies can put a strain on the corporate network, impacting bandwidth and thus user experience for the entire company.
The integrity of company data is also at risk, both to outside threats due to improper security and internal loss due to improper saving and storage techniques employed between personal devices, cloud systems and corporate software. In fact, the Q4 2015 Shadow Data Report, released by Blue Coat’s Elastica Cloud Threat Labs, revealed that 26% of documents stored using cloud apps are broadly shared – meaning any employee can access them and they can be discoverable in search! The report also noted that 1 in 10 shared documents contains data subject to compliance regulations, such as personal health information.
What can I do?
The first step toward solving this problem to assess how big it is. Take an audit to determine security risk points, duplicate technologies and inefficiencies so you can create a strategic roadmap to reintroducing the IT department as the technology gatekeeper. Some other useful practices include:
- Working to streamline approval and implementation processes around new technology.
- Keeping your IT staff robust enough to be proactive about new technology solutions.
- Creating regulatory rules around technology use, documenting them and, most importantly, enforcing them.
- Fast-tracking short-term shadow IT solutions when necessary to avoid creating animosity toward the IT department. In the long run, this will help keep IT respected as the technology decision-maker.
While shadow IT can have some positive ramifications, such as introducing new applications that may be useful to your business, it is important to know how big this issue is in your company. Armed with this information, you can properly assess the risks and take the necessary protective steps.
The purpose of this blog is to answer the IT questions you have! To find more information on managed services, check out our services page. If you're looking to hire an IT provider for your business, download our free ebook on how to choose the best one for your business!