Shadow IT is fast becoming a top security concern of IT leaders thanks to an increasing number of employees unknowingly putting their companies at risk. Here’s a closer look at the issue and what you can do about it.
What is shadow IT?
Shadow IT is the practice of using or procuring software or hardware without organisational approval. While most companies have measures in place to prevent the spread of rogue applications, they can be easily overlooked in today’s BYOD and productivity-driven work environments.
An employee might decide to purchase and install a popular cloud-based productivity tool on the company network to speed up projects. The logic may be: why wait days going through the regular channels when everyone could be using the software in minutes? For better or worse, this easy access to readily available, cloud-based applications is helping drive the growth of shadow IT.
The dark side of shadow IT
There are many problems associated with shadow IT. For starters, it can erode your ability to protect clients’ sensitive data and put your regulatory compliance at risk. While Evernote may not pose a threat to your business, consider what could happen if a well-meaning but uninformed employee used Google Drive or Dropbox to share customer records – records that may include addresses, passwords or credit card data.
Consider the following statistics from Symantec:
The fact is that many cloud-based applications can access sensitive company data and integrate with other systems, compromising your business’s hard-won security and compliance. These violations can be extremely costly, potentially resulting in huge fines and disruption to your business flow. Without knowing what data exchanges are taking place in the ‘shadow cloud’ outside your IT department’s control, your business could be at serious risk.
What you can do about it
Start by uncovering any areas of shadow IT in your organisation and commit to using a single cloud solution or cloud service provider. For example, if you’ve decided to go with an encrypted and secure cloud backup solution, be sure to block access to all other web storage programs.
In most cases, simply asking employees not to use Dropbox or Amazon Cloud Drive won’t be enough. You need to have the right systems in place to prevent shadow IT in your organisation.