Show IT is the term used for the use of hardware and software without informing or seeking approvals (to use them) from the company’s IT department. Using such software or hardware is not illegal. However, it can sometimes have dangerous consequences for a business.
As per various surveys conducted across the globe, more than 50% of employees across several organizations have reported having used shadow IT services and applications. Unauthorized usage of software and hardware can be controlled when the machines (PCs or Laptops) are used within the physical premise of the office. However, the instances of shadow IT have exploded exponentially since remote working environments have become a norm globally due to COVID-19 pandemic.
In this post, we will learn about what shadow IT is, what are some of the potential risks associated with shadow it, can it really be beneficial sometimes; and how to manage the usage of shadow IT within an organization in the current scenario where we are all grappling with pandemic and working pretty much remotely.
What is the meaning of Shadow IT?
As mentioned above, shadow IT refers to the use of a technology, device or application while working for an organization without informing and seeking a formal approval from the company’s IT department. It may sound a bit creepy or malicious but Shadow IT is also referred to as Stealth IT or even Rogue IT.
With easy availability of software on subscription basis, it is now common for users to subscribe to SaaS (Software as a Service) applications without checking with their company’s internal authorized IT personnel. There are many simple collaboration or productivity applications such as the ones for editing videos, designing graphics, converting file formats (e.g., excel to csv or MP4 to MP3, etc.) that are used extensively. Using unapproved apps is usually done out of necessity and the inability for the corporate IT to respond real-time. And the challenge here is that none of the parties – employees or the IT team members – can be blamed for this because it wouldn’t be a great idea to wait for the approval of the IT team to convert a file. Practically too, it can’t be a feasible solution to reach out to IT for every small task. While it may take just a few minutes or even a few seconds to convert a file using a SaaS application, seeking approval from an IT team may take at least a few hours. And no one would ever wait for so long when every minute counts. Similarly, if IT teams keep responding to such small issues, they would end up spending long hours everyday approving or disapproving simple requests.
Whatever may be the case, shadow IT application sprawl must be monitored and acted upon to ward off events that can lead to bigger challenges. So when users feel compelled to step away from company-approved platforms out of frustration, it’s a call to action to re-evaluate the prevailing software strategy for tht IT team. When it comes to security, employee autonomy to use the choice of hardware or software must be sidestepped. Being creative is fine but it cannot come in the way of business continuity. Of late, when business units started using a video conferencing app without informing or taking approvals from IT, they landed their company in a massive concern relating to data theft.
Security is the most significant threat today considering the sprawl of sophisticated and ever-growing cyber threats. When non-tech-savvy users take software applications, and even hardware, into their own hands, they are often unaware of the corporate-level safety compliance prerequisites that need to be strictly adhered to. This leaves not just that particular user but the entire organization – along with their critical data – extremely susceptible to attacks. As per reports, more than 20% of all the global organizations experienced small to large cybersecurity related threats due to unapproved IT applications.
Understanding the Application sprawl
Application sprawl simply means the overuse of specific software applications within an organization or a specific business unit within the organization without prior design or planning. If within a team, users use multiple tools that are not synced with each other, chances are they may end up duplicating their work across those multiple platforms or applications. The waste of time and money caused by such disparate applications is often extremely whopping. And a lot of it happens due to Shadow IT practices.
Shadow IT has been known to worsen application sprawl. This happens because every user within the organization keeps adding applications independently, without knowledge of the IT team. This creates multiple streams of applications for small user groups and each group runs its own silo. Sprawl of unauthorized applications worsens the problem because not only does it make the entire system inefficient, it makes the entire organization vulnerable to security threats as these unauthorized applications are often not very secure and they create multiple endpoint security threats.
IT departments must cleanse the unauthorized applications from the corporate network to conserve resources such as storage space and bandwidth. They must knip the sprawl in the bud before it reaches a point where the damage can’t be controlled efficiently.
Some common examples of Shadow IT practices
Some typical shadow IT examples include:
- The Use of personal email accounts, such as gmail, yahoo, etc. for business communications
- Replicating existing software applications without adding new licences
- Use of unauthorized and unsanctioned hardware, like hard drives and portable storage devices such as a pen drive, CD, etc.
- Subscribing to third party SaaS applications such as video conferencing tools, desktop productivity tools, and various collaboration tools
- Personal Google drive components such as Google sheets or similar third party tools for storing company data, performing mail merge, etc.
- Use of free CRM tools to store customer information
Are there benefits of Shadow IT, if any?
Although the term Shadow IT, Stealth IT or Rogue IT represents a negative connotation, shadow IT has some surprising benefits:
- Many shadow software applications are better suited to perform the task at hand than the ones available as part of the software package offered by an organization, increasing employee productivity.
- Shadow IT solutions enable users to work more efficiently.
- Employees can test and evaluate multiple applications before finalizing one or two for future usage in order to get them purchased from the IT team
- Shadow IT solutions can be implemented instantly, particularly if it’s a SaaS offering, saving time for the installation and provisioning
Prominent risks associated with Shadow IT
The rampant usage of alternate software, either on the device provided by the company or due the acceptance of BYOD model, leads to the installation of older or supported software for which the software vendors not not offer timely patches that take care of the newly founded bugs or malwares. This practice often results in security breaches that can sometimes have devastating impact on an organization.
Here are some other risks of using shadow IT:
- Unintentional installation of malware, exposing the entire organization to malicious attacks
- Increased software licenses costs and uncontrolled application sprawl
- Development of several silos of small groups, duplication of efforts and increase of insecure endpoints
- Penalties and even lawsuits
Tips on managing shadow IT
Managing shadow IT can be extremely frustrating for the IT department as such practices become a roadblock to their efforts of providing a secure and high performance platform to all the employees within the organization. While it’s not possible to completely stop the use of all shadow IT apps and hardware, what is important is to decide what level of shadow IT can an organization effectively manage.
Here are some tips on managing shadow IT:
- Encourage the employees to be honest about the apps they’re using
- Understand the causes behind your shadow IT situation
- Implement policies for software and hardware usage and ensure the policies are strictly adhered to
- Continually monitor unauthorized apps and remove them from the network
- Restrict access to the commonly downloaded or subscribed apps
- Make sure that every team has all the tools that are required to make their jobs efficient
- Have a documented strategy about Shadow IT and implement it effectively