Thanks to the rise of BYOD policies and cloud computing, shadow IT seems to be here to stay. But is it a threat to enterprise security, a boon to IT teams, or something in between?
With the proliferation of BYOD policies in the workplace and the increasing prevalence of cloud computing, “shadow IT” is becoming a fact of life for many organizations. Indeed, NetEnrich’s 2019 Cloud Adoption Survey notes that 20% to 40% of enterprise technology spending is happening outside IT teams’ purview.
If you’re new to the cybersecurity space, shadow IT refers to the use of IT systems without the explicit approval of an organization’s IT department. While employees decide to use these systems for a number of well-intentioned reasons — some of which we’ll go into below — that doesn’t stop IT departments and key stakeholders from worrying about the potential security implications of this trend.
However, before you and your team set out to eliminate the use of shadow IT in your workplace completely, it’d be wise to consider its pros and cons. While shadow IT does present real challenges that organizations need to consider, the trend also offers advantages for enterprises that are willing to be flexible.
The main reason that many employees decide to use IT systems without the explicit approval of internal IT teams is to improve their performance. Generally speaking, employees want to do their jobs well. If they’re using new technology — technology outside of traditional IT purchasing and vetting practices — it’s typically because sanctioned platforms aren’t getting the job done.
Rather than clamping down on shadow IT, decision-makers should evaluate how it’s affecting important workflows. If unsanctioned products are helping employees do their jobs better than officially approved platforms could, it may be wise to let employees continue using them for the sake of operational efficiency.
Another advantage of shadow IT is that it allows employees to enjoy greater freedom in the workplace. IT departments sometimes get a bad rap for being controlling and opaque to the point of being dictatorial. While this reputation is largely unearned and doesn’t take into account the pressure IT professionals face to keep organizations secure, it can still be beneficial to combat this false perception.
Ultimately, creativity thrives in work environments where employees feel that they have the freedom to do their jobs as they see fit. This is especially the case with younger workers, such as millennials, who expect a seamless technological experience between their private and professional lives. By taking this into account, IT teams can support rather than hold back their peers.
Between greater efficiency and more freedom, shadow IT clearly has its advantages. For IT teams, then, this trend can start looking more like an opportunity than an obstacle. Rather than seeing shadow IT as something to be fought, it’s possible to evaluate it as a roadmap to better IT investment.
In fact, shadow IT could represent a new model of buying for IT teams. By working with employees to better understand what they need — and what unsanctioned platforms they’re already using to meet those needs — it’s possible to make the purchasing process more transparent and collaborative.
IT departments often associate the use of shadow IT with a lack of cybersecurity — and for good reason. As anyone involved in cybersecurity decision-making can attest, maintaining business network security is complex and expensive. Shadow IT creates unmonitored, unsecured pockets of data-sharing and reporting within an organization, something that can put proprietary data and key assets at risk, not to mention lapses with compliance.
If left unmanaged, shadow IT can lead to the sharing of information with the wrong people, bad actors included. The consequences of such an incident could be disastrous for any organization — particularly those governed by stringent data security laws and regulations. Separately, it’s important to consider that simply allowing your employees to flout sanctioned IT platforms may inadvertently serve to contribute to a culture in which it’s considered acceptable to break rules.
IT teams select and sanction certain systems with special attention to interoperability with other internal programs. While employees may be using shadow IT systems because they can handle discrete tasks well, that doesn’t mean that they’ll be compatible with other core applications. Even if shadow IT can help employees with one part of their job, that efficiency can be negated if they run into issues porting their work elsewhere.
Similarly, these programs will not have been vetted by IT professionals when it comes to business continuity. If employees are storing valuable data on unapproved systems, that information can be lost without the support of internal data storage and preservation policies.
Cybersecurity issues caused by shadow IT can be incredibly expensive for organizations. In the event of a security breach or data exfiltration hack, much of the productivity gains netted from allowing employees to use unsanctioned services can be quickly negated. Internal operations could be affected and customer relationships could be irreversibly damaged.
Additionally, the actual use of shadow IT usually indicates that employees are expending budget on redundant technology. This means that shadow IT can prevent an organization from achieving full ROI from approved platforms. In other words, the presence of shadow IT means that you’ll be paying both for what employees are using and what they’re choosing not to use.
In the end, shadow IT can offer benefits to organizations that are willing to take the steps necessary to manage the associated risks. Used incorrectly, shadow IT can allow hackers to take advantage of vulnerabilities in your enterprise network security. Managed properly, however, shadow IT can boost productivity, increase technological transparency, and promote better IT provisioning practices.
If you’re curious about how best to handle shadow IT in your organization, reach out to Turn-key Technologies (TTI) today. With decades of experience in the networking and cybersecurity space, our team has the resources and expertise you need to secure your digital infrastructure and improve productivity.
April 5, 2016
Please, rotate your device