What’s lurking in the shadows?

Eliminating the threat of Shadow IT

 

by Andre Vaux

Andre Vaux | Managing Director at claireLOGIC

While your employees will largely recognise the importance of IT, there will be an underlining trend where employees take some elements of IT into their own hands; by using devices, apps and software for business use, without IT’s approval — this is called Shadow IT.

With every best intention, an employee may use a particular app or website to aid their role, or be under the illusion that their own personal IT choices will make them them more efficient in the workplace – however, the data shows otherwise.

At home, we are all our own IT Manager, and of course, we know best when it comes to deciding what works best for us personally, and what doesn’t. But sadly, this mentality is often brought back into the workplace too.

Rob Lefferts – Microsoft 365 Security VP says “Our data shows that there is well over 1,100 cloud applications used in large enterprises today, and IT isn’t even aware of more than 60% of them. This leads to large numbers of shadow IT in organisations and introduces security and compliance risks”

Shadow IT is nothing new…

The lines between personal and business tech began to blur as soon as the home computer was the norm; from your 80s floppy, to your 90s CD-R and into your naughties USB drive – the ability of employees to to run their own software and upload and download data has pretty much, always been there – and has always been a problem. Now however, the use of shadow IT is huge, with the use of cloud apps and mobile devices having sky-rocketed. The fight is against unauthorised software and peripherals – and this problem is growing exponentially day-by-day and more apps are launched and pushed into the hands of end-users.

With every will in the world – and with all the internal customer niceties in place – many employees will blame their perceived perception of IT’s ‘culture of no!” as the main reason why they take IT into their own hands, so what can be done?

The ongoing issue of shadow IT

The use of consumer-grade cloud apps without IT’s approval can and should be highlighted as a massive risk to your business continuity. Although the perceived reward of increased productivity is deemed greater than the perceived – or even known – security risk, employees will often work in the shadows to bend and breaks the rules.

And that’s just the good guys trying to be more productive, let’s not forget the malicious breaches using consumer-grade tools. The potential risks to your business could be catastrophic and simply can’t be ignored.

Starting to solve the problem of Shadow IT

  • Increase communication
  • Implementation or review of security training
  • Define roles of responsibility and accountability
  • Conduct regular audits and review remote monitoring
  • Review technology and software training
  • Seek advice from end-users when choosing applications

Need help?

If you require any support auditing, reviewing or monitoring your IT systems – please get in touch with our support team – or book a video call.

Get support today

Get in touch today for impartial help and advice – email hello@clairelogic.net or call us on 01865 989144