Shining a light on Shadow IT
Shadow IT has a bit of an unscrupulous reputation, and perhaps deservedly so – Shadow IT is the practice of employees using any applications they fancy, without getting the IT department’s approval.
“It’s like the inmates are running the asylum” is one metaphor I’ve come across.
I can certainly understand the issues, mainly because the use of these apps can cause a lot of administrative headaches. I feel a lot of sympathy towards any IT Manager who has painstakingly configured their IT Systems, only for other employees to go behind their backs and undo all of that good work.
Also, the consequences extend far beyond a simple reprimand from your IT Department’s figurehead. Shadow IT can create huge security vulnerabilities, especially if you don’t know how far the problem extends.
Shadow IT can be anything from installing an instant messenger service onto a corporate device, to downloading your own file sharing software and using it to transfer sensitive data. If not controlled, don’t be surprised if that sensitive data winds up in the very last place you wanted it to be. Such as a cyber-criminal. This kind of operation is like catnip for hackers.
So, it’s not good practice to use Shadow IT. And yet it’s incredibly prevalent in businesses.
So why does it happen?
Sometimes, employees use Shadow IT tools because they were used to certain systems in their previous organisation. After all, it’s easier than learning something new.
People also do it because they simply didn’t know it was wrong to do so – I suspect most of those who are guilty of using Shadow IT fall into this category.
However, often the intent behind Shadow IT is good, even if the execution is flawed. It’s simply a willingness to want to do things better – and who doesn’t encourage that sort of spirit within business?
After all, doing things ‘another way’ is how the lightbulb was invented. And the internet. And probably every other invention in the entire history of the universe.
People will always try and come up with a better way of doing things. Sometimes, we’ll mess that up (“New Coke”, anyone?) but other times we’ll end up with something far better than we had before…it’s like daring to come up with the idea of a car, rather than find a way to make horses go faster.
What if you could take that entrepreneurial attitude, and channel it in a way that makes the organisation more secure, not less? New ideas always start with people. Our Chief Technology Officer Alison Vincent recently predicted that ‘intrapreneurship’ (the encouragement of innovative ideas from within the organisation) will be a major focus for businesses in 2017.
We believe that you can securely connect everything, so that anything is possible. Here’s a few thoughts on how you can shine a light on Shadow IT, and turn it into a positive contribution to your business:
- If you don’t already, have a forum or an ‘ideas on a postcard’ tool that allows your employees to submit ideas that could improve the running of the business. Reward people for doing this, and celebrate when an idea becomes reality.
- Effective Security isn’t just about the technology – it’s also about setting the right processes. Make Security Awareness a fundamental part of your training programme, so that people understand the consequences of using insecure devices and programmes.
- Knowing what’s happening in your network is a huge priority in IT Security. Unfortunately, most businesses don’t know when a breach has taken place, how it got in, or how bad the damage is. Reverse that.