What is Shadow IT and why should you care?

It is becoming increasingly common for employees to bypass official channels and deploy their own technology to help them get things done. But this can have costly implications for your data security.
11 September 2018


Shadow IT. If you’ve never heard the term, there is a strong chance you love it. And if you are familiar with the term, there’s a pretty decent chance you’re in IT and this very term gives you an instant headache.

The term refers to all the sneaky software, tools, widgets, or tech that is brought into the organization without first being vetted and approved by IT.

The most prevalent form of Shadow IT is cloud services, especially software as a service (SaaS).

As valuable as distributed data storage has become, the rise of the cloud has fuelled the growth of Shadow IT, making it easy for any user or business unit to tap into cloud services and create data silos that lie outside the IT department’s domain. All users need is a laptop or a phone and a browser.

Some common examples of Shadow IT include:

  • Productivity apps and scheduling apps such as Trello, Slack, and Asana
  • Messaging apps such as WhatsApp
  • Physical devices such as external hard drives
  • Communication apps such as Skype

You’re probably sat there thinking, “I use these tools every day, does this mean they’re bad?”

These very common tools aren’t bad, and actually, they are typically pretty safe and secure. The problem doesn’t lie in the tech itself, but in how unaware your IT department is of it.

If your IT professionals are not aware of this technology being brought into the workplace, they will not be able to manage the potential risks it poses.

Shadow IT is becoming a critical security problem

The implications of shadow IT for organizations can be costly. If your data is breached or destroyed as a result of unmonitored devices, you could not only experience a loss of revenue but also damage to your brand’s reputation.

According to Gartner, by 2020, one-third of successful cyber attacks against enterprises will be achieved through Shadow IT applications. And these attacks are costly. On average, a data breach costs a typical enterprise around US$3.8 million.


Furthermore, with data security laws tightening around the world, shadow IT is becoming a regulatory compliance issue. It is becoming critical for businesses to store data in systems that are known to be secure and which support legal obligations for data protection.

Shadow IT is a widespread problem

While you and your team may not be aware of the term “Shadow IT”, it is very likely that it is a problem happening right under your nose. Just take a look at these stats:

  • According to a Logicalis CIO survey, 90 percent of CIOs worldwide are sometimes bypassed by line-of-business in IT decisions, and 31 percent are bypassed routinely.
  • A blog by Cisco states that on average, large enterprises use over 1,200 cloud services, and over 98 percent of them are Shadow IT.
  • Furthermore, according to Cisco’s Shadow IT report, on average, CIOs estimated that they had 51 cloud services running in their organization. But the actual number was 730!

How do we eliminate the problem of Shadow IT?

To address the issue of Shadow IT in the enterprise, we need to start with what causes it in the first place.

This typically boils down to enterprise IT not serving business needs well enough. Perhaps the IT team in the organization is too slow or not responsive enough to the needs of the business users.

And so, this leads to users building their own functionalities and capabilities through shadow IT devices.

In order to address the growing problem of Shadow IT, CIOs and IT managers must ensure the business has access to the tools and services it requires. This will involve listening to users’ requirements and then promptly acting on them so individuals don’t feel pushed into finding their own solutions.

Of course, this is by no means an easy task, especially for organizations that have only a small team of IT professionals and not enough time to meet every requirement at the click of a finger.

A critical thing to do, then, is to ensure your entire workforce is aware of the correct procedures and best practices regarding Shadow IT devices. Once educated, they are much less likely to cause any harm through the devices they are using.