Is shadow IT really a threat to business?

Clare Hopping

Friday 28 July 2017

Shadow IT can pose serious security risks to enterprises through the use of unsanctioned cloud applications. With proper management, however, it can be monitored and risks can be minimised through staff education, while also boosting morale.

According to a report by Symantec, businesses are not aware of the number of applications their employees are using, with some organisations using up to 1000 apps, only 1 per cent of which are sanctioned by the IT department. What’s more, 95 per cent of CISOs say that trying to make sure those apps are properly sanctioned is the most stressful part of their job.

But it doesn’t have to be this way.

Keeping on top of unauthorised applications shouldn’t be your biggest workplace concern. In fact, they can actually have a positive impact on staff motivation.

After all, if employees use apps because they consider them the best tools for the job, why should the IT director tell them otherwise? A better approach is to manage shadow IT in a formulaic, granular way. As a result, employees will be happier using the apps they want to use, and security threats and data breaches can be minimised.

Educating staff on the use of unsanctioned cloud apps, and the deployment of business-ready technology, can keep threats to a minimum, while also ensuring the workforce is comfortable using technology.

Why is shadow IT a threat?

While IT departments battle to remain vigilant to such threats, it’s becoming more difficult to manage what you cannot see. Unsanctioned cloud apps, in particular, remain invisible without careful inspection and monitoring.

Cloud apps are also becoming accessible to a growing number of devices. Because many of them enable content sharing, it’s very easy to expose data and sensitive information that should only be available to those within the organisation.

How to successfully manage shadow IT

There are several ways to tackle the shadow IT issues, and it’s possible for employees to use cloud apps without increasing the risk of data theft and loss. Through careful assessment of cloud apps, you can determine the risks they pose and educate your employees on how they could affect the business. Teaching employees about specific threats – and how to avoid them – can minimise any risky behaviour in future.

It’s a good idea to have a backup system and a data recovery plan in place should any data breaches bring down your network. This way, your business can remain operational in a worst-case scenario. Understanding information stored in cloud apps is also vital so you can relocate data to a secure, business-ready network.

It’s important to remember that while IT staff can block access to cloud apps that have known vulnerabilities, you must communicate these blockages to staff in order to avoid frustrations that may impact productivity and workflow.

Shadow IT can seriously threaten your business if not managed properly. It can also make the IT department’s job more stressful, as they rush to minimise the impact of unsanctioned apps within the company. It’s essential your employees remain productive and motivated, using the apps they believe in to make their processes more efficient.

By working with staff to ensure they are aware of the business risks, and rolling out a formulaic, granular process for using unsanctioned apps, shadow IT needn’t be detrimental to running your business, your data security or your overall IT strategy.


Building the next-gen data centre

Where traditional and web-scale apps co-exist