Lurking in the background of any IT manager’s nightmares is the spectre of shadow IT. Shadow IT can be described as hardware or software used in an enterprise that is not supported by the enterprise. The negativity of the term is justified because it implies that employees are using technology without the knowledge or approval of the IT department – a recipe for disaster.
The risks of shadow IT are well-known and have the potential to damage a business’s ability to function effectively. Even so, organisations still need to warn employees about the dangers of using software that is not supported by the business.
In recent years, shadow IT has increased with the use of software by employees who have bypassed company IT rules. With the increasing use of cloud applications such as Slack and online business tools such as Skype to encourage faster and more effective work, the risk of employees using shadow IT have increased. Technology developments such as BYOD (bring your own device), while providing significant benefits and fulfilling a specific business requirement, have also bred the rise of third party providers in the workplace, without the blessing of corporate IT.
The most obvious risk posed by shadow IT is the security lapse it enables. Without the IT department’s knowledge, unapproved applications can quickly lead to security breaches. Software needs to follow the protocols set out by the organisation’s IT department because, without this compliance and oversight, negative consequences begin to arise. For example, sharing or passing data outside the corporate firewall to external users or collaborators, where data governance and compliance can’t be assured presents a clear business threat. In addition, corporate bandwidth can be diminished by data travelling on the network that IT managers are unaware of.
Much of the attraction of unsupported software is that employees find it simple and quick to be productive using such tools. The intent is therefore not malicious because the initial impetus for utilising software that doesn’t conform to company IT policy is the desire to work effectively. However, this ends up being counter-productive and diminishes the employee’s efficiency in the long run because employees are threatening the organisation’s security and compliance status and creating fragmentation in the types of software used by different people within the business.
Negating these risks and eliminating shadow IT requires a close understanding of the business’s challenges and the employee’s needs. Both must go hand-in-hand so employees’ initial motivation to seek out unsupported software is removed because they already have access to approved, attractive to use tools.
This is CTERA’s mission – to provide a platform that offers leading security, governance and authentication tools, to ensure that whatever a user chooses, IT mandates for security, governance and compliance are adhered to. CTERA serves as a central control point to diminish, and eventually eliminate, shadow IT use and increase organisational compliance.
Even though organisations aspire to implement the tightest security models, if users fail to adopt the technologies that IT sanctions, there can be no security, no governance and no compliance. Businesses need to find the right balance between control and user enablement, and they are seeking solutions that enable them to do so.
Overall, there needs to be greater awareness among organisations that there are alternatives to the OneDrives and Dropboxes that can make users happy while tackling the challenges of keeping organisations protected. There are clear roles for IT departments and for individual users of hardware and software in the workplace. Successful businesses of the future will be those that understand this new reality, and have implemented IT policies that benefit the organisation and allow employees to flourish while working effectively. This will mean providing file sharing, storage and protection tools in a form that users like, that benefits the employer and that allows peace of mind for the IT department.
Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.