In today’s technology-rich, plug-and-play environment, information and new solutions are just a click away. You can be up and running in a matter of minutes. You don’t even need your IT department to get it working…or do you?
As tempting as it may be, implementing technology and/or solutions without the knowledge or assistance of your technology and security teams can put your organization at real risk of data breaches, regulatory fines, licensing issues, network resource issues, and negative publicity. This practice is commonly referred to as “shadow IT.” Make no mistake: there may be (in some cases) valid reasons why this is occurring. If so, those reasons need to be identified and addressed. While the solutions being identified may seem like great wins for the company, they still need to be vetted to ensure that the financial, business and security risks are acceptable to the company.
What is shadow IT?
Shadow IT is a term for a decades-old issue that started occurring when computer technology was becoming inexpensive, available, and easy enough to use that departments and individuals didn’t always have to go through their IT departments for access. Prime examples are employees who use their personal computers and mobile devices for work-related activities as well as their off-work activities. These are “Bring Your Own Device”, or “BYOD” users.
Workers often use off-the-shelf consumer grade apps and services for messaging, email, file-sharing and remote access. Some employees are even building their own applications (“BYOA”). According to the third Annual Mobile Business Application survey from Canvas, a provider of cloud-based software services, 400 decision-makers from a range of companies said that:
• 61 percent of businesses created a new mobile app in 2015 without any IT involvement
• 20 percent of the businesses that developed apps without IT support built 10 or more apps
• 81 percent of businesses are somewhat or very comfortable building mobile apps without the IT team’s help
• 76 percent of those surveyed were able to create a cloud-based app in one day or less.
That can add up to a lot of IT hardware, software, services and activity that aren’t under the control of, often not even known about by, the IT department. That can be a problem.
The shadow cast by BYOD and BYOA
Shadow IT activities are understandably tempting approaches for employees. For someone who has been using these unapproved apps on their phone or tablet for years, it may not even occur to them that it might be problematic.
Unfortunately, while convenient for employees, shadow IT can be bad for the company. Data is key to nearly every aspect of your company’s activities. Part of IT’s responsibility is to ensure that data is kept secure from unauthorized access: being misused, changed, deleted, or stolen.
Here’s a quick look at some of the problems that shadow IT can create:
• Regulatory fines: The mere act (or even capability) of viewing or sending sensitive data in an unauthorized way can result in government or industry fines, along with negative publicity.
• Data losses and breaches: Not only can shadow IT open your network up to vulnerabilities and threats, it can store your data in unprotected areas outside of your company, making the risk of a data breach significantly more likely.
• Virus, malware and other threats: Unauthorized devices and accounts may not have the appropriate level of protection, opening up the company to data losses and network breaches by hackers and other malicious threats.
• Added IT costs: While the costs for extra copies of software and related IT support quickly adds up, the cost of unlicensed software can be even more significant. These programs aren’t always licensed for commercial use, which can open your company to potential legal action.
It’s essential that companies not only be aware shadow IT is happening, but also identify where it’s happening and what steps to take to address the problem. Learn more about managed network services from Capital Business Systems, or contact us today!