You’ve probably heard the phrase Shadow IT before, but what is it? What does it actually mean, where does it come from and how do you deal with it in your business?
In simple terms, Shadow IT refers to technology solutions used within an organisation that bypass controls or limitations within the managed IT estate. It’s not just unapproved applications. It could be any form of IT that’s being used without the knowledge of the IT team.
Users turn to it to provide the agility they want and need, but can’t get from the applications the business uses, or the controls it may be placing upon them. It’s not therefore typically a malicious activity. More borne out of frustration with limitations hindering productivity.
With that in mind, to an extent it could be perceived that shadow IT has benefits for a business. Your staff are keen to get work done and have used their initiative to actively seek out ways to speed things up, introducing innovation, increasing efficiency, throughput and perhaps profits.
Is that really the case though?
Let’s take a look at some of the risks:
A lot of the time, controls exist to protect users and company data. Blocking sharing of data, access to certain types of website or preventing the use of specific applications are important not only to prevent malware or ransomware infections, but also to prevent people doing things by accident, or just maintaining visibility of data wherever it may be within the estate. As soon as uncontrolled applications come into the mix, everything put in place to comply with security policies or maintain compliance become ineffective.
Often users will be paying subscription or usage fees for the shadow IT systems they may be using. Sure, that’s coming out of a budget somewhere, but not necessarily allocated to IT. That raises challenges with understanding the return on investment with solutions you as a business have paid for to address perceived challenges. If users are bypassing such systems the implementation and running costs are being wasted.
A digital transformation strategy won’t work if users seek out and implement tools that enable them to maintain old, inefficient ways of working. Encouraging adoption of new solutions through effective training is important to ensure the success of such strategies by not losing the support of the user base.
With the changes in working practices that have come about during 2020 and 2021, users working remotely have been faced with more challenges than ever before. The effect of that has been a sharp increase in the use of shadow IT. Check out some of the statistics:
So, what are the users are turning to? Let’s look at some of the common solutions:
The user base are generally viewed as the weak link in the chain here, but that weakness can be created by other elements and it’s important to appreciate they exist. For IT departments, control is the key to security when addressing that weakness in the user base. However, control taken too far for ease of management wraps red tape around productivity. That in turn leads to shadow IT, and IT teams cannot control what they cannot see.
The focus therefore needs to be on giving users the tools they need, coupled with the freedom and flexibility they need to work with maximum productivity, from anywhere. That means adopting the principles of the modern perimeter as discussed in an earlier blog, adopting IT management and security frameworks and keeping a finger on the pulse of the users through training and feedback.
One thing that’s abundantly clear is that wrapping them in chains does not work…
Infinity Group are IT Security specialists, if you are keen to discuss how to overcome the shadow IT your business may be at risk to or experiencing, please get in touch to speak with one of our IT Security consultants.
The latest 2022 release Wave 1 Microsoft Dynamics 365 Business Central updates were released on April 1. The release covers important functionalities that kick off
When working with organisations looking to make the jump from on-premises server infrastructure to the cloud, naturally a key component of the discussion is considering