
The Risks and Benefits of Shadow IT

Network Security
January 31, 2018
Beth Stewart

Shedding light on the network threat you didn’t realize you had

Shadow IT is the term used for personal technologies (BYOD), applications, and software or services supported by a third-party service provider, instead of an organization’s IT provider or technology department. 

Over the past several years, Social, Mobile, Analytics and Cloud (SMAC) technologies have been core drivers of innovation (and disruption).  Mobile and cloud services have given end-users the ability to access data and perform their work roles from nearly any location.  As a result, businesses’ applications have moved from behind the safety of the company firewall to public Software-as-a-Service (SaaS) solutions for everything from accounting to human resources. 

These technology trends have also resulted in the “consumerization” of IT, where end-users have come to expect a fast, easy-to-use, mobile-first experience. These expectations can cause frustration with legacy technologies that may not work as well for employees on the go.

End users gravitate toward the simplest solution. Why go and find a work-related device when your cellphone or tablet is sitting on the desk? Thanks to Apple’s App Store and Google’s Play Store, employees have access to literally thousands of applications that they can quickly install and use to carry out their job functions, all outside of the network perimeter. So why is this an issue?

The Risks of Shadow IT

There are several issues at hand with Shadow IT. Users choosing their own applications can open companies up to security issues, take them out of compliance with legal guidelines, and negatively affect other users in their business without meaning to. Here are some of the ways Shadow IT can impact your business:

Security - Unsupported hardware and software are not subject to the same security measures as supported technologies.  Without the ability to monitor and control application use, software and apps that incorporate business data and integrate with existing business applications are at risk of cyber-attacks and malware infections.  This leads to lost time, lost productivity, lost revenue, and lost reputation.

Compliance - The governance and compliance risks from Shadow IT are extremely serious, as sensitive data can easily be uploaded or shared. There are no processes to ensure confidentiality of data or access policies if an employee is storing corporate data in their personal Dropbox or Evernote account. Breaches resulting from failing to meet compliance guidelines can lead to significant fines.

Workflows and Processes - Technologies that operate without an IT department’s knowledge can negatively affect the user experience of other employees by impacting bandwidth and creating situations in which network or software application protocols conflict.  Additionally, IT Support teams may not be ready with answers or a resolution when end users present issues with unsupported tools. This slows down workers and creates additional strain on IT.

Reducing Risk and Maximizing Benefits

For all the risks Shadow IT presents, it also carries the potential for rewards. New applications can revolutionize processes and allow employees to work smarter and more efficiently. This requires a careful balance between management and flexibility.

Most end users do not equate using certain applications or devices with extreme consequences.  This is where IT needs to be flexible and communicate well. Instead of telling end users they can only use one system for work, clearly outline what type of data is okay to work on in unsupported applications and which data should remain secure in your supported network. Make sure that you identify allowable uses in your Acceptable Use Policy. 

The time has come to move past the denial stage of Shadow IT, and communication is key. Educating end users and providing clear, concise information usage guidelines can help you develop enforceable boundaries. Take the time to understand the processes and needs of employees. Pivotal IT is here to deliver solutions that address those needs, both current and future. We can help you with templates for creating your Acceptable Use Policy, and we’ll help you develop a cloud and SaaS application strategy that reins back in your end users and data.


Unauthorized use and/or duplication of this material without express and written permission from Pivotal IT is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Pivotal IT with appropriate and specific direction to the original content
