Shadow IT: Addressing, Adjusting, and Advancing

Shadow IT is a Problem for Businesses

Shadow IT is the installation of applications, software, and solutions on desktops by employees without the approval or knowledge of the IT departments. Not only has this been an increasing problem over the last decade, but Cisco also did a study that uncovered that a typical enterprise has between 15 and 25 times, (yes, times), more cloud solutions which the IT department was unaware. With staggering numbers like that, your business could be at constant risk of data loss, productivity reduction, and damage to your bottom line.

Why Shadow IT Became a Problem?

  • During the digital age, the end-user has become increasingly tech-savvy, while familiarizing themselves with their favorite software and programs they have learned the ins-and-outs of what they like and what they prefer.
  • Your employees use all sorts of services on their mobile devices, including mobile apps on which they conduct business.
  • New technologies and applications come out at a faster pace than most IT departments can manage.

Not all shadow IT is intentional; often it happens because employees haven’t been properly educated on the risks or because a company doesn’t have a strong IT usage policy in place.

What are the Risks?

  • Network Security. The number one risk when it comes to Shadow IT is your managed network security solutions. Viruses, malware, and ransomware can easily be hiding in an application an employee downloaded, a thumb-drive they inserted, or a plugin they installed.
  • Data Loss. If your employees’ usage of shadow IT is not properly controlled, this may lead to improper handling of your company’s data. Customer information, employee information, and even proprietary financial information about your business may be shared internally, with vendors, or customers. Data captured in unapproved applications brings into question: who is backing up of that data? Since the IT department may be unaware of it, there may not be any backups at all. Or if an employee leaves, all of the data they had during their employment may go with them and be gone for good.
  • Inconsistencies. Shadow IT can cause inconsistencies within your company’s data and logic. This could lead to a chaotic and inefficient way of internal files being linked or shared, giving some people access and leaving others out, in turn creating duplicate files.
  • Wasted Resources. Besides wasting a large amount of your IT department’s time, Shadow IT puts a big risk on resources like your network speed, data, and even drives up costs of nearly everything that falls under the IT umbrella. Aside from that, it may leave the known and approved applications from reaching their full return on investment.

What Can Be Done?

While it has become increasingly difficult for IT departments to battle Shadow IT, it’s not a hopeless situation. Training of your internal staff and putting certain tools in place can go a long way in preventing the issues that Shadow IT causes.

Employee Education

You should already have an IT usage policy in place. If you don’t, it’s time to start working on one. Having a solid IT usage policy won’t just address Shadow IT, but should cover a whole other myriad of issues that may affect your business on the IT front. Make sure that your entire staff is familiar with which programs are and are not permitted as well as how data should be shared, both internally and externally. You should prohibit downloading unapproved applications.

Make Sure Your Network is Constantly Monitored

By having your network constantly monitored, you should be able to find out if or where Shadow IT in your systems may lie. Regardless of device, desktop or mobile, you need to know where all of your company data resides and if that device has Shadow IT applications installed. You should also have alerts set up to notify you each time a new or unknown device tries to connect to your network. Your IT department should be keeping a log of all of the software or applications being used outside of what has been previously approved with a plan to either gain approval (along with the determination and implementation of best practices) or remove the applications.

Prioritize Applications Based Upon Risk

Not every plugin, add-on, or application installed outside of the IT department is bad or harmful. Once you have determined which Shadow IT programs are being used on your network, find out which ones are the highest risks and address those first by blocking them from your network. You should also be able to determine the employee that installed or was using those high-risk applications, and make sure they are properly trained, if necessary on the risks of Shadow IT.

In the long-run, you may not adopt the practices that prevent every single Shadow IT application from making its way onto your network, but there are steps you can take to minimize your risk and keep your data safe.

Want to know more or need help with Shadow IT issues on your network? Contact us today!

Published On: July 7, 2018Categories: Cybersecurity, Managed IT Services