The risks and benefits of Shadow IT

Shadow IT is the term used for BYOD, applications, and software or services that are supported by a third-party service provider, rather than an organization’s IT provider or technology department.

In recent years, Social, Mobile, Analytics and Cloud (SMAC) technologies have been central drivers of innovation (and disruption). Mobile and cloud services have given end users the ability to access data and perform their job functions from almost any location. As a result, enterprise applications have moved from being behind the security of the company firewall to public software-as-a-service (SaaS) solutions for everything from accounting to human resources.

These technology trends have also resulted in the “consumerization” of IT, where end users expect a fast and easy-to-use mobile first experience. These expectations can cause frustration with legacy technologies that may not work as well for employees on the go.

End users gravitate towards the simplest solution. Why go looking for a work related device when your cell phone or tablet is sitting on the desk? Thanks to the Apple App Store and Google Play Store, employees have access to literally thousands of apps that they can quickly install and use to perform their job functions, all outside of the network perimeter. So why is this a problem?

THE RISKS OF THE SHADOW

There are several issues at hand with Shadow IT. Users who choose their own apps can expose businesses to security issues, bring them out of compliance with legal guidelines, and inadvertently negatively affect other users in their business. Here are some of the ways Shadow IT can affect your business:

Security – Unsupported hardware and software are not subject to the same security measures as supported technologies. Without the ability to monitor and control application usage, software and applications that incorporate business data and integrate with existing business applications are at risk of cyber attacks and malware infections. This leads to lost time, lost productivity, lost revenue, and lost reputation.

Compliance – Shadow IT governance and compliance risks are extremely severe, as sensitive data can be easily uploaded or shared. There are no data confidentiality processes or access policies in place if an employee stores corporate data in their personal DropBox or EverNote account. Violations resulting from failure to follow compliance guidelines can result in significant fines.

Workflows and processes – Technologies that operate without the knowledge of an IT department can negatively affect the user experience of other employees by affecting bandwidth and creating situations where software or network application protocols conflict. Additionally, IT support teams may not be ready with answers or resolution when end users raise issues with unsupported tools. This slows down workers and creates additional stress on IT.

RISK REDUCTION AND PROFITS MAXIMIZATION

Despite all the risks that Shadow IT presents, it also carries the potential for rewards. New apps can revolutionize processes and allow employees to work smarter and more efficiently. This requires a careful balance between management and flexibility.

Most end users do not equate the use of certain applications or devices with extreme consequences. This is where IT needs to be flexible and communicate well. Instead of telling end users that they can only use one system to work with, clearly describe what kind of data is okay to work on in unsupported apps and what data should remain secure on your supported network. Be sure to identify the permitted uses in your Acceptable Use Policy.

The time has come to move past the denial stage of Shadow IT and communication is key. Educating end users and providing clear and concise information use guidelines can help you develop enforceable limits. Take the time to understand the processes and the needs of the employees. Research and employ solutions that address those needs, both current and future. This, combined with a strong cloud and SaaS application strategy, you can control your end users and data.