Back in the days of traditional office settings, it was easier to manage IT. System administrators generally had full control over what technology was permitted within the company network. If teams and employees wanted to download and use new software, they had to request approval from the IT department.
However, that approval step is rarely followed nowadays, since it’s become much easier for employees to use devices and applications outside of the IT team’s control. This growing phenomenon is known as shadow IT.
How does shadow IT occur?
Shadow IT occurs when employees use devices, applications, and services that are not sanctioned or approved by the company’s IT department. It can be as simple as using a personal laptop for work, communicating on unauthorized messaging apps, or storing files in a consumer-grade cloud storage platform.
In most cases, employees turn to shadow IT because they’re trying to be productive and they believe that using their own devices allows them to get more done. Oftentimes, they may find an app that’s more intuitive than company-approved ones. Shadow IT could also indicate that employees don’t trust the IT department to provide them with the right tools or they don’t believe the department is responsive to their needs.
How common is shadow IT?
According to a Symantec study, shadow IT is a fairly common phenomenon. In fact, the average number of cloud applications being used by employees was approximately four times the number companies were aware of. The most popular type of shadow IT is cloud software, particularly tools used for communication and collaboration. Employees may also use personal email accounts and mobile devices for work purposes.
One reason shadow IT is so prevalent today is that employees have more access to technology than ever before. It’s easier for them to download apps and sign up for services without the IT team’s knowledge.
More employees are also working remotely, which makes it harder for the IT department to keep track of what devices and applications are being used. Plus, since many companies are adopting hybrid arrangements, employees are using their own devices for work more often, further blurring the lines between personal and work-related technology.
What are the risks of shadow IT?
Although shadow IT enables employees to be more productive, it carries several risks:
- Increased exposure to security breaches
When employees use unsanctioned devices and applications outside the purview of the IT department, there’s no telling how these are being utilized. These tools may not have the same security measures in place as company-approved ones, giving hackers an easy way to access your sensitive data. Employees may be connecting their personal devices to unsecured public Wi-Fi networks or using weak passwords to secure their cloud apps.
If a data breach occurs due to these negligent practices, your company may suffer massive financial losses, expensive lawsuits, and reputational damage.
- Redundant technology
Using different tools can lead to inefficiencies and redundancies. For example, two employees may be working on the same project but using different cloud storage platforms to store files, which makes it difficult to share and track changes. Oftentimes, the same data has to be manually entered into multiple systems, which can take a lot of time and lead to errors.
- Disjointed processes
Companies typically handpick the technology that employees use to ensure that it integrates well with other tools and systems. When shadow IT is in play, these systems may not be able to talk to each other, disrupting your team’s workflow. For instance, if someone is using time tracking software that’s not compatible with the company’s accounting platform, managers may have a hard time processing payroll efficiently and analyzing workloads accurately.
- Increased costs
Shadow IT can result in many hidden costs for your organization. In addition to the wasted time and resources spent using redundant technology, employees may need specialized support for the unsanctioned devices and applications they’re using. If mission-critical work is dependent on certain shadow IT apps, your company may be forced to purchase them when scaling up your operations. Employees may also incur unexpected charges for using up too much internet bandwidth to run their cloud applications or for exceeding their storage limits.
- Noncompliance issues
Healthcare, insurance, and other regulated industries must follow standards and rules on collecting, storing, and processing data. HIPAA, in particular, has very specific requirements for how protected health information must be handled. If employees are using shadow IT to do their job, your company may be in violation of these regulations and be subject to hefty fines.
How can you combat shadow IT?
To prevent shadow IT from getting out of control, you need to take a proactive approach. Here’s what you should do:
- Establish a list of approved devices – If you have a bring your own device (BYOD) policy, make sure all employees are aware of the type of devices and models they’re permitted to use when connected to the company network.
- Proactively monitor activity – Use a security information and event management system to monitor all suspicious network activities and purchases indicative of shadow IT.
- Implement endpoint management systems – If BYOD is allowed, have your employees register their devices in an endpoint management system like Microsoft Endpoint Manager so you can keep track of what’s being used. The system also serves as a central console where administrators can distribute security updates, set access restrictions, and remotely wipe data from compromised devices.
- Talk to your employees – Host company and team-specific discussions on the risks associated with shadow IT. Employees must understand what apps and devices are off limits, and the security implications of using them without permission. Team discussions also allow employees to voice any concerns with current technology and persuade management to invest in the tools they prefer.
- Block apps and websites – Many firewalls and web filters allow you to blacklist certain cloud apps and websites. This will prevent employees from accessing unauthorized services.
- Set up an IT approval process – When employees or teams want to use new apps or devices for work, they should go through an approval process. This allows your company to vet the technology for security risks and compliance issues, and determine whether it’s worth purchasing.
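As an added illustration of the monitoring and approved-list steps above (example code, not from the original article or any vendor product), the following script scans web-proxy log lines for traffic to cloud services that are not on a sanctioned list and ranks them by data uploaded. The log format, domain names, and allowlist are constructed assumptions.

```python
from collections import defaultdict

# Constructed allowlist of sanctioned SaaS domains (assumption for this example).
SANCTIONED = {"office365.example", "corp-crm.example"}

# Constructed proxy log lines: timestamp user method host:port bytes_sent
SAMPLE_LOG = """\
2024-05-01T09:00:01Z alice CONNECT mail.office365.example:443 1200
2024-05-01T09:02:10Z bob CONNECT files.personal-drive.example:443 52000000
2024-05-01T09:03:44Z carol CONNECT files.personal-drive.example:443 8000000
2024-05-01T09:05:00Z bob CONNECT chat.side-messenger.example:443 4300
2024-05-01T09:06:12Z dave CONNECT notoffice365.example:443 900
2024-05-01T09:07:30Z alice CONNECT corp-crm.example:443 15000
malformed line here
"""

def is_sanctioned(host, sanctioned=SANCTIONED):
    """True only for an exact match or a true subdomain of a sanctioned domain.
    A plain endswith() would wrongly accept lookalikes such as notoffice365.example."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in sanctioned)

def find_shadow_it(log_text, sanctioned=SANCTIONED):
    """Aggregate users, request count and bytes sent per unsanctioned host."""
    findings = defaultdict(lambda: {"users": set(), "bytes_out": 0, "requests": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip malformed lines instead of failing the whole run
        _, user, _, target, sent = parts
        host = target.rsplit(":", 1)[0].lower()  # drop the port
        if is_sanctioned(host, sanctioned):
            continue
        entry = findings[host]
        entry["users"].add(user)
        entry["bytes_out"] += int(sent)
        entry["requests"] += 1
    return dict(findings)

def rank(findings):
    """Order hosts by bytes uploaded, largest first, as a review priority list."""
    return sorted(findings.items(), key=lambda kv: (-kv[1]["bytes_out"], kv[0]))

if __name__ == "__main__":
    for host, info in rank(find_shadow_it(SAMPLE_LOG)):
        print(host, sorted(info["users"]), info["bytes_out"], info["requests"])
```

The ranked output is a starting point for the approval process: services with many users or large uploads are candidates either for formal vetting or for blocking at the web filter.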
Shadow IT can be a major hindrance to your organization. If your company is starting to see signs of shadow IT, take action now to prevent it from becoming a bigger problem. Dynamic Solutions Group can help you establish the right policies, strategies, and control mechanisms to nip your shadow IT problem in the bud. Contact us today to learn more.