December 17, 2015
Most CIOs and CTOs are more than familiar with shadow IT and its associated problems. Even the CEO of Box, one of the primary technologies that ushered in the age of shadow IT, has since come to realize the serious problems associated with the practice of sneaking technologies into a company without the knowledge, consent, and control of IT. This is particularly true when mobile and cloud technologies are in play. Here are the most prominent issues to be aware of and take control of regarding shadow IT.
Shadow IT and Compliance
Things like saving documents on your latest product R&D in Dropbox or keeping up with financial transactions in Google Docs looks as innocent as a kitten. But the dark side of shadow IT is fierce and frightening.
Regulatory compliance is becoming more and more serious as legislators and industry regulatory bodies seek to put a lid on the rampant data breaches and identity theft that has plagued consumers over the past few years. It is simply impossible to remain compliant when the company and IT have no idea where data is stored, let alone what the data is and when it has potentially been compromised.
Shadow IT and the Insider Threat
According to the most recent research, companies are more at risk from accidental insider threats than from intentional ones. About 36 percent of data breaches and intrusions were the result of employee negligence, compared to just 22 percent of the incidents that were attributed to outsiders. Shadow IT moves data and applications outside the realm of IT's control, meaning that the 36 percent might never be discovered and addressed by security professionals because those incidents happen outside your IT infrastructure. Can you imagine the Target or Home Depot data breaches without the response by trained and dedicated corporate IT security specialists? Scary.
Shadow IT and Data Control
Aside from the data that is regulated by laws or industry standards, companies hold intellectual properties, proprietary secrets, and data related to business intelligence that must be closely guarded. Letting an important financial document or plans for a new product get leaked can amount to professional suicide. Yet much of this critical secret data is put at risk in consumer-grade cloud-based apps every day in environments where shadow IT is uncontrolled. Often, the business will not even know the data was compromised until -- surprise! -- the competition knows everything there is to know about a new top-secret project.
Shadow IT and Network Performance
One of the least talked about but most frustrating aspects of shadow IT is the stress and strain it puts on the network performance. Shadow IT introduces lots of devices, applications, traffic, users, etc. that strain the bandwidth and the network monitoring solutions that IT has put in place. Shadow IT activities can slow connectivity speeds and bog down systems, negatively affecting things like customer service and employee job satisfaction. It's difficult to even measure how much these types of issues cost a company over time, yet it can all be traced back to shadow IT practices.
Preventing Shadow IT
If IT is providing workers with the right tech resources, they won't need shadow IT to get their jobs done.
What can the CIO or CTO do to get a handle on shadow IT?
- Identify the worst offenders. Find the shadow IT activities and apps that are the most dangerous and troublesome and get those stopped first. This gives you some leeway in addressing the others.
- Consider offering a limited-time period of amnesty. If workers come forward and confess their shadow IT sins, there will be no repercussions. This gives IT a chance to identify the worst problems without having to worry about people hiding their activities and trying to deal with punishments while addressing critical security and performance issues.
- Educate employees on why shadow IT is a problem. If you have a healthy corporate culture, your workers will be as dedicated to protecting proprietary and customer data as you are.
- Establish policies to deal with shadow IT after the amnesty period. The rules have to apply to everyone across the organization equally.
- Provide the tech resources workers need to do their jobs. They won't give up their shadow IT ways until they have viable, intuitive, convenient options. Either develop the right solutions in-house or find appropriate apps and resources outside the organization.
If shadow IT seems frustrating, you are not alone. Over 60 percent of businesses are dealing with the same issues. Learn how to cope with shadow IT and other cloud and mobile issues facing today's enterprise in this free article, The Borderless Enterprise. It is your gift from NETSCOUT.