Is your business running shadow IT without you knowing it?
Do you remember the days when mobile phones could only make phone calls? Or when the latest software was installed using a CD-ROM?
Those days are long gone. And now, more applications are moving to the cloud and even more devices are connecting to it.
New technology always creates new challenges. For example, we know that cloud-based software like Office 365 can significantly reduce the burden on any IT team or small business management. An overwhelming positive. But it might also raise security challenges when it comes to uploading data. You need to be able to handle both sides.
For better or worse, it means yesterday’s technology may no longer be fit for purpose by tomorrow. There is no doubt that’s an exciting prospect, but such developments tend to come with their own side effects, one of which is known as ‘shadow IT’.
What is shadow IT?
Every business believes they are supplying their staff with the correct technology they need to do their job to the best of their ability.
But if an employee feels the tools at their disposal are no match for the latest releases, they may find a loophole and start using an alternative application that better suits their needs. Some might decide to use their favourite application for note taking and another for email or file sharing. They might plug their mobile phone into their laptop or connect a USB drive.
Now, you might think, is that such a big problem?
The reality, unfortunately, is that it is. In one stroke, shadow IT could bypass all your cyber security precautions. Plugging in a device that hosts a virus. Or storing work that is not backed up. Or inadvertently transferring sensitive data off-site.
First of all, it’s likely that the employee’s intentions were pure. They certainly weren’t out to sabotage the company, by any means. Most employees are simply not aware of the risks associated with using shadow IT.
More often than not, the employee is simply using their initiative to try and do a better job. Whether the device or the program they’re using is more advanced than what the company offers, is beside the point. If it’s not part of the official IT system, then it’s shadow IT, and therein lies the problem.
A set up that hasn’t been authorised by you or your IT department if you have one, can pose unknown risks to your cybersecurity. In fact, by 2020, Gartner predicts a third of all breaches will stem from shadow IT.
So what steps can you take to resolve these issues before they spiral out of control?
Shrinking the shadow
Collaboration here is key. Any initiatives that encourage an open discussion will be to everyone’s advantage. A shadow IT infrastructure can actually present opportunity. Any employer can use it to learn which devices and applications their employees use, and therefore value, the most. By approving and even purchasing the most popular with a license that everyone can use, you can improve morale, productivity, and efficiency. The same may go for hardware.
Solving this problem boils down to better education and communication. It’s about raising awareness among your staff. Do they understand the risk of shadow IT to the business? If you share your views, or more formerly a policy, on unapproved applications, it will reduce the problem significantly.
Try publishing an up-to-date list of all your approved services and applications. Make sure it’s easily accessible. Regular security testing will also help to highlight any potential issues.
Help is at hand
We help small businesses in and around the South West deliver effective IT solutions. If you’re concerned about a potential shadow IT infrastructure, please contact us. We can work together to find a solution.
We can either help on a one-off basis or provide cost-effective business support that starts from just £20 per user, per month.
If you enjoyed this article and would like to read more – why not sign up to our mailing list? You'll receive all our best advice, straight to your inbox.