What is Shadow IT?

What is Shadow IT?


 

CyNexLink Blog   •   August 2, 2017

 

You may have heard of the ominous-sounding term ‘Shadow IT’ while exploring the topics of hacking or cyber security.

You might think the term hails from some captivating mystery film about secret societies. While it almost assuredly is not so sensational as that, the reality of shadow IT can actually pose serious risks for a company.

Shadow IT is essentially when employees use technological products that are unsupported by company devices and protocols, or any other IT department for that matter. Such employees could be using these products as a consequence of impatience or simply because they favor their own personal tech over the company’s. Some examples of shadow tech is personal smartphones, tablets and USB thumb drives. Some popular shadow applications are instant messaging programs and Google Docs.

In point of fact, the major scandal which rocked the Democratic party en route to the 2016 presidential elections involved Hilary Clinton’s private (shadow) servers.

While the term is neutral within itself, the habitual and unchecked practice can pose serious threats and embarrassments for a company.

Here are some of the risks of shadow IT:

Compromised Security: The use of unsupported hardware and software can compromise a company’s overall security because they aren’t subjected to the same rigorous security measures applied to managed or support tech.

Reduced Efficiency & Organizational Dysfunction: When unsupported tech is introduced into a company’s tech grid it can negatively impact the bandwidth, hurting the user experience for other employees. There’s also no way to tell whether the unsupported tech will conflict with other applications contemporaneously utilized by the business.

Risk of Data Loss: The backup procedures of shadow tech are very often not up to a company’s security standards. Employees who store company data or professionally sensitive information on non-company tech are at a much higher risk of data breach. In fact, data loss and downtime cost businesses an estimated $1.7 trillion each year, according to a recent study from Dell EMC.

Despite the dangers, some proponents of shadow IT believe such extemporaneous tech usage can actually supply personal and disruptive innovation to a company’s workforce. Rather than promote its eradication, advocates of limited shadow IT contend companies should create policies to regulate it.

Businesses standardize their own IT systems. They have a playbook for how systems are vetted and introduced into the company. When shadow tech is brought into the system and mixed with sensitive data, it can spread like a virus, impacting the whole grid.

IT departments once reigned supreme over company tech usage and protocol, but the rapid growth of the shadow tech industry has loosened their grip. A serious question to ask ourselves is: Are we forever beyond the pale (cybersecurity-wise), or can strong managed IT departments once again act as sentry of all things tech?

For one, businesses need to identify the weaknesses in their own tech systems that caused the accelerated need for shadow IT employment. Another crucial practice is inter-departmental communication — so every department is in ideological sync with IT security protocols.

For more information on shadow IT and topics relating to tech security, consider checking out the articles at info security magazine, or the articles and whitepapers at computer weekly.

Next Steps to Take