What is Shadow IT and Why is it a Problem?

Image

Shadow IT Doesn’t Lurk in the Shadows – it's Prevalent

Although it may seem foreign now, there was once a time when an organization’s IT department had complete and total control over the technology being used by the organization. Before software could be purchased, or before anyone clicked download, the IT Director’s blessing was needed.

In current times, no matter how hard your IT department may work to stop such an instance from happening, shadow IT is something that every organization has to deal with at one point or another.

What is Shadow IT?

Shadow IT is the use of information technology systems, devices, software, applications, services, and/or projects that are managed outside of, and without the knowledge and explicit approval of the IT department.

With the increased usage of cloud-based applications in organizations over recent years due to their ease of download, shadow IT has grown exponentially. Since IT departments are typically unaware of the existence of such applications being used by individual employees or organizations, the term “shadow IT” was coined.

If you’re curious as to why all this IT spending takes place outside of the IT department, the reason truly has to do with the growth from cloud applications such as file sharing and collaboration tools that have become a key part of keeping any business competitive.

Examples of Shadow IT

Here are some examples of how shadow IT commonly comes into play:

• Personal email accounts used by employees to conduct routine business.
• Third-party software-as-a-Service (SaaS) applications that aren't under the control of the IT department and are being used for daily business operations.
• Unsanctioned devices that do not fall under any bring your own device (BYOD) policies issued by the IT department.

What Technology Falls Under Shadow IT?

Shadow IT constitutes all types of IT-related activities, as well as purchases that the IT department of a company isn’t involved in. It commonly falls under four categories:

• Hardware – Laptops, desktops, tablets, smartphones, and servers.
• Software – Off-the-shelf, packaged software solutions.
• Applications – Third-party applications such as productivity tools, collaboration tools, messaging tools, and more.
• Services – Cloud services such as infrastructure-as-a-service (IaaS), SaaS, and platform-as-a-service (PaaS).

Related Reading: The IT Pro’s Starting Guide to Cloud Computing

Why Does Shadow IT Exist?

As mentioned above, the increase in cloud adoption has been a defining factor in the surge of growth of shadow IT in today’s IT environments. In fact, according to G2’s Track Resources, shadow IT cloud usage is estimated to be 10 times the size of known cloud usage, with the average company having 975 unknown cloud services and 108 known cloud services. What’s even crazier is that 80 percent of workers admit to using SaaS applications that aren’t approved by IT and 67 percent of teams have introduced their own collaboration tools into an organization.

Operating from the shadows, these rogue IT applications bridge the gaps left by company-approved applications to ensure that your employees have the right tools they need to perform their jobs as efficiently as possible. In general, these shadow solutions are adopted by an employee or a team with the intention of improving the effectiveness of their role and boosting productivity.

For example, if an employee discovers a better and more efficient enterprise file-sharing solution than the originally permitted one, they might be inclined to download and start using it as shadow IT.

Watch the Webinar: Get the Most Out of GoAnywhere: Achieving Cloud File Transfers and Integrations

Why is Shadow IT a Problem?

It’s not too far off base to consider that employees may not fully understand the fact that organizations need to take suitable and necessary measures to ensure safety during the device selection and application approval process. In the absence of adequate vetting of new technologies, there are many risks that can arise and serve as a major cybersecurity hazard for organizations. One of the most dangerous and costly risks being a data breach. In fact, a recent study from EMC suggests that data loss and downtime cost a total of $1.7 trillion due to shadow IT security breaches. Other risks include:

• Gaps in Security and Data Loss – The more variations of technology being used, the more prone an organization is to security errors or data loss incidents.
• Compliance Concerns – The implementation of multiple different applications and solutions leads to tougher audits and a higher chance of technology not meeting the necessary compliance requirements.
• Collaboration Inefficiencies – When employees use different technologies and applications, collaboration is often compromised and harder to sustain.
• Barriers to Innovation – The chances of innovating with a certain technology are reduced if organizations don’t fully embrace it.
• Reduced Visibility and Control – Non-sanctioned tech is tougher to follow and monitor.
• Wasted Time and Investment – Time spent on implementing technology is wasted and ROI on investment is limited without sufficient buy-in.
• Configuration Management – Creating a configuration management database (CMDB) and defining how systems work together gets messier.

Are There Any Benefits to Shadow IT?

Although there are many risks that can arise, there are also some potential benefits to Shadow IT:

• Reduced Internal Costs – The “Bring Your Own Device” (BYOD) culture typically means fewer overheads and less overall costs for IT departments.
• Employee Satisfaction – When people feel they have more control, they tend to be happier than when they are forced to use unfamiliar technology.
• Individual Productivity – Employees are likely more productive using technology they are familiar with.
• Potential for Discovery – When employees use an array of tools, there’s a greater likelihood of better tools and technology emerging and/or being discovered.

How to Prevent Shadow IT

While shadow IT is hard to avoid within any IT infrastructure, IT admins can take certain measures to identify, manage, and mitigate any potential risks it may pose to the integrity of business-critical data and systems. To do so, consider implementing some of these useful strategies to effectively deal with the problem of shadow IT:

• Monitor Your IT Environment – One of the best ways to curb the problem of shadow IT is to constantly monitor all on- and off-network devices to help effectively identify exactly where all the company data resides. Keeping the network continuously monitored helps IT admins compare lists in between scans and can help determine when any new and/or unknown devices appear on the network.
• Maintain an Inventory – Apart from continuous monitoring of your networks, you must also focus on maintaining an inventory of all known and unknown resources within your IT environment – and most importantly, regularly update it using a network inventory solution.
• Implement Regulatory Guidelines – To cater to the unique needs of different business units, the IT department can create and share a list of approved applications/software with their employees that they can use apart from the standard issued software.
• Restrict Usage of Third-Party Applications – Additionally, it might be ideal to restrict user access to certain applications that you don’t want your employees to utilize. Make sure your employees are aware of the company policy and have acknowledged that they are not permitted to use any restricted applications for business purposes.
• Use a Secure Managed File Transfer Solution – One of the main applications downloaded apart from collaboration tools in incidents of shadow IT is file sharing solutions. Avoid any issues with trying to find a separate file sharing solution that isn’t secure and spare your IT department the headache by using a secure file transfer solution like GoAnywhere Managed File Transfer (MFT).

Related Reading: Thinking about Managed File Transfer? MFT Trials are Invaluable.