Shadow IT describes the technology that non-IT employees use that is unsupported and in most cases not approved by an organization's IT department. Shadow IT can take take place in many forms; an employee who is forwarding work emails to their personal email account because they want to bypass their organizations storage limit; an employee who uses a personal credit card to purchase cloud services in order to complete a project without seeking mandated approval from the IT department; or employees who use a storage app outside of the firewall. The list of Shadow IT, from USB drives to spreadsheets, goes on and on.
What Does Shadow IT Mean for Employees and IT Departments?
Confronted with understaffed IT departments that cannot respond to business and/or employee needs promptly, tech-savvy workers are opting for tools that result in expedited completion of tasks and projects. In a recent survey, 37% of the respondents indicated that the primary reason for shadow IT was the IT department's inability to test and implement new capabilities and systems in a timely fashion.
For employees, shadow IT facilitates their ability to initiate projects, explore innovation and take advantage of readily available tools that enhance job performance and provide them with the freedom often necessary to meet specific goals. However, IT departments take a dim view of shadow IT because of support and security concerns and the loss of control from siloed projects. There is growing anxiety over the possibility of employees inadvertently exposing sensitive information, not to mention compliance issues.
A May 2015 Forbes article stated “Shadow IT is a growing menace—an insidious covert activity undermining a CIO’s ability to run an efficient, safe and coordinated IT department.” According to IDC Senior Research Analyst Mark Yates, not having centralized IT oversight fortifies organizational silos, impeding cross-functional collaboration and increasing security risks. All of this means that while there are benefits to Shadow IT and organizations can not stop it, they do need to pay close attention to the downside and put acceptable use policies in place.
Top 3 Benefits of Shadow IT
1. Employees using shadow IT can increase productivity by accessing and completing work at home or while traveling.
2. Shadow IT exploits social media, which organizations can potentially benefit from as it blurs the boundary between personal information and company tasks.
3. A reduction in organizational chaos is naturally established when IT leadership streamlines operations by embracing and perfecting shadow IT policy and utilization.
Top 3 Risks of Shadow IT
1. Lower Satisfaction Levels; Shadow IT could inhibit innovative solutions by effectively blocking access to and/or development of more efficient processes.
2. Loss of Data; The probability of data leaks and data loss is frighteningly high, considering the loosely monitored forms of shadow IT employed by workers searching for alternatives to offerings. Moreover, architects of shadow IT applications, who don't understand security implications, could leave proprietary information in a state to be exposed.
3. Cyber Attacks; One of the most popular types of shadow IT, cloud storage, is especially vulnerable to attacks and breaches. Shared access, virtual exploits and access control are just a few of the risks of free or inexpensive cloud storage apps.
In order for an organization to support employee needs and remain efficient and secure an assessment of shadow IT is needed. IT organizations will need to take a leadership role and work with line of business managers to integrate, optimize and secure these applications. Working with an experienced systems integrator that can help IT departments make the right choices on how to create a cohesive strategy that everyone can live with. IT can become the intermediary between users and their apps to make sure that security and compliance mandates are met and line of business departments are productive and happy.
Resilient Intelligent Networks is systems integrator who works with best-in-class technology partners, such as Fortinet, to devise comprehensive network security solutions to mitigate risk from internal and external threats. Resilient Intelligent Networks provides networking solutions and support for hundreds of clients with operations throughout the world and has established partnerships with the best software and solutions providers to meet an oganization's technology needs.