Shadow IT has become increasingly widespread in recent years as the increase in cloud computing and BYOD (Bring your own device) in the workplace has made it difficult for IT departments to manage software and hardware. Due to the increase in Shadow IT, businesses need to implement precautionary measures or else can be faced with increased security risks, compliance concerns and hidden costs.
What is Shadow IT?
Shadow IT is a term used to describe IT systems and solutions that are used inside organizations without explicit organizational approval. While staff may find using these systems convenient, they often do not consider the risks or other negative impacts that using these systems may have on the company.
Common examples of shadow IT can include staff:
- Bringing their own laptops in to work
- Keeping work documents on Dropbox, Onedrive or other non-company cloud services
- Using personal email accounts for work correspondence
- Using free online CRM or other tools to store company contacts or data
- Installing remote access tools to get remote access to their work computers from outside
In the past, Shadow IT was often a result of an impatient employee’s desire to access hardware and other specific web services, without undertaking the necessary steps to approve the technology through corporate channels. Today however, the meaning has expanded to include technology that employees use at work or, that meet the unique needs of a particular division. Shadow IT can be a large problem if critical company information is being shared over the internet without the IT department’s authorisation. Have you ever considered the repercussions if your sales team shared crucial customer data using a personal account of Google Drive?
In order to ensure that your systems are secure, compliant and cost effective, view our tips below.
Monitor your internet traffic
Cisco recently shared data results based on its customers’ public cloud usage which found that companies are using as much as 15 to 22 times more cloud services than CIOs realised. Not all cloud services used outside of IT control are bad, however they can pose security threats or lead to company data going missing or being distributed to the wrong people.
Regardless of whether employees are using company issued or personal hardware, it is important to monitor your network so that you can identify where all of your data resides. Your network equipment should be able to tell you what services are in use, how much they are being used and who is using them. If required, you can block access to common services that you feel pose a threat to your business.
Track devices on your network
To quickly identify potential risks, you should regularly monitor your network for new and unknown devices and programs. Systems are available to do this and alert you when unauthorised hardware or software is detected.
By incorporating this into your routine IT management processes you will be able to identify and address any items which may be bringing malicious programs into your network, or taking your important data out.
Establish guidelines around BYOD and cloud services
It is not uncommon for several departments within the one organisation to request different software in order to accommodate for their department-specific needs.
In order to fulfill these different needs, IT departments can create and share a list of approved software and applications which vary from the standard issue.
Through creating a list of approved software and services, individual departments will be able to make their own purchase decisions. Not only will this allow individual departments to obtain greater flexibility, but the IT department can rest assure that no compatibility issues or security breaches will occur.
Instead of getting caught off guard by new and disruptive technology that could help one of your company’s business units, stay ahead of the game and keep up with the latest technology employees may want to use.
While this can be a time consuming and sometimes costly process, it will significantly reduce the risk of Shadow IT from occurring.