The creep of Shadow IT
What is Shadow IT?
Shadow IT is hardware or software installed onto corporate devices and systems that is not supported by an organisation’s IT department. Shadow IT often involves the use of cloud-based software-as-a-service apps, such as Dropbox, iCloud and Microsoft OneDrive as well as popular social media sites like Facebook and Twitter.
Is it something to worry about?
The staggering growth of non-IT staff installing and running their own preferred applications and programmes – without the permission or the awareness of the IT department – can cause concerns for not only the IT department themselves, but for the business as a whole. For instance,
- It makes it difficult or impossible to effectively secure corporate data as it moves to personal devices and cloud services
- It prevents visibility into how technology is being used
- It can often lead to staff taking confidential material out of the workplace and onto uncontrolled, shared drives or clouds.
- It can create support issues when users need to contact the help desk about issues related to unapproved tools
- It encourages technology decisions, including the sourcing and procurement of solutions for large groups of users or entire departments, to be made without IT’s knowledge or involvement.
- It can lead to the possibility of introducing viruses and similar threats through unsecured systems
Because shadow applications are not managed by IT or integrated into an organisation’s systems, they aren’t subject to the same security controls or other compliance-related safeguards.
The right approach
These applications and programs might well be using them for the right reasons and for work purposes, but unless management and IT are aware of their usage, they can certainly jeopardise a company’s overall data security.
By allowing your staff to choose their own technology to use in the workplace, a company risks data being shared by the wrong eyes or viruses being transferred as these technologies are often not in line with the organisation’s requirements for control, documentation, security and reliability.
What every business needs is a comprehensive plan and greater communication between staff and managers. The employer should keep a list of every individual staff members apps, plugins, clouds, drivers and social media accounts and monitor their usage.
Centrix Solutions can help you come up with this comprehensive technology plan, so as to ensure that your business communications are not in conflict with shadow software and hardware.