Shadow IT: Why It’s a Problem (Pt. 2)

August 4th, 2016 | IT Security

The first part of this series, “Shadow IT: What it is,” reviewed what constitutes shadow IT and why it’s used in the workplace.  As described in the preceding article, shadow IT is any hardware or software used within a business that’s not approved or supported by its IT department. This portion of the series will cover not only the problems the unauthorized use of technology can create for an organization but why the prevalence of shadow IT problems across a variety of industries proves you must address this trend in a strategic, tolerant manner. Essentially, visibility into the equipment a company’s members use is pertinent to an organization’s IT infrastructure security. You can only maintain security by employing a proactive approach to managing the technology demands and needs of the business’s employees.

Shadow IT problems and benefits

Many organizations see shadow IT as a short-term benefit with long-term consequences. Unauthorized technology may appear threatening to a business trying to gain control of its IT infrastructure at a time when stability is so critical to security. Shadow IT may provide short-term benefits, especially to the employees who like to use it. Still, it is often accompanied by network risks such as security holes, duplicated technologies, and interruptions to the business’s IT strategy for the future. Essentially, if a company’s IT department is unaware of exactly what employees are using technology, they will be unable to securely manage a business’s network.

More shadow IT = More shadow IT problems

According to the Cisco study referenced in the first article of this series, on average, CIOs believe 51 cloud services are running within their organization. However, Cisco revealed the actual number to be 730. A majority of shadow IT stems from the unauthorized use of SaaS and IaaS applications. While shadow IT varies across applications, it does not discriminate across industries. For example, even in trades such as financial and healthcare services, Cisco found approximately 17 to 20 times more cloud applications operating within the workplace than its IT department estimated. Typical shadow IT technology includes smartphones, tablets, USB thumb drives, and applications such as Google Docs, instant messaging, and Skype. Shadow IT is being utilized in every industry, and its use is higher than predicted. However, the unsupported adoption of devices and software by a company’s employees can affect the user experience of staff by increasing the use of bandwidth and creating software or network protocol conflicts within the organization. Some businesses worry shadow IT problems will result in data silos that impede the flow of information within the business. In contrast, some companies believe accepting unapproved technology is necessary to keep pace in a world where technology is continuously changing the way organizations do business. Therefore, these companies think that instead of prohibiting shadow IT, a business should work to construct customized acceptable use policy and constantly monitor the security of the technology. A business is likely unaware of just how often employees are using shadow IT for their day-to-day tasks. While this realization may be daunting, it’s important to remember there is a solution. Our IT security services can help your company understand and regulate the use of unsupported technology within your organization. To continue reading about shadow IT, read part 3 of the series “Shadow IT: What to do”