What is Shadow IT?
Shadow IT is the practice of a company's employees using technology and services that have not been approved by the IT department. For companies without a dedicated IT team, the likelihood that shadow IT occurs is significantly greater. It has become more widespread for several reasons.
The ease of acquiring apps and cloud services allows employees to quickly implement the solutions that make their jobs easier.
Employees feel that IT moves too slowly and is not responsive to their needs.
Employees are accustomed to using productivity apps and services for their personal lives. It is only natural that they feel comfortable extending this to their business lives as well.
Employees feel like there is a wall between what they need and what IT delivers.
What are the Risks of Shadow IT?
Employees view crafting their own productivity solutions as a way to be more efficient. They feel more in control of their time and how they work. While their intentions are often good, they do not understand the real security risks these can pose to the company.
Consider a few critical points ---
When an employee creates an app or online account, who is the account owner? Is the account registered in the employee's name instead of the company?
Who has access to the account?
What do the Terms and Conditions grant to this third party application provider?
Does the app or service provide for user access controls? Does the employee know how to do this and why it's important?
Has the employee used a strong password that is consistent with your company's password policy?
Who has the password other than the employee?
What data is being collected, stored, and shared?
Is the data backed up by the service provider?
Does this app or service integrate (share data with) other company applications or services?
When the employee leaves the company, what happens to the application and all the data?
What points can you add to this list?
What Are the Benefits of Shadow IT?
In spite of the risks, shadow IT isn't necessarily all bad. When properly implemented with a clear, collaborative company policy, employees are encouraged to continuously learn, explore, and contribute to the company's growth tools.
The key is a thoughtful, not heavy-handed, policy that everyone understands and agrees to. Employees will become more aware of essential security practices, the importance of safeguarding client and customer data, and the value of the company's reputation.
Employees want to contribute.
Employees often see opportunities for efficiency that IT isn't aware of.
Breaking down the walls between IT and the rest of the company isn't easy, but it can be done with open communication.
Companies will discover the employees who are eager to explore new tools. Everyone doesn't love the research and the time needed to learn. These employees are hidden gems in the company.
Make IT exploration part of the company's ongoing technology strategy. The speed of change will only increase, and a living technology plan is essential.
Continually assess the company's technology and data investments. These are some of a company's most valuable assets. Technology must always add to and integrate easily with the existing technologies in use.
How Can You Adopt a Company IT Policy?
Our 7 Step Guide to Discovering and Managing Shadow IT
is the place to start. You can implement this based on your company needs right now. Each step has an immediate benefit for you so work at your own pace.
What If You Don't Have an IT Team?
Begin the same whiteboard worksession with your trusted leadership team. If you're the lone leader, then you're no stranger to the "meeting with myself." The end result will be the same no matter the number of people at the whiteboard.
Why is an IT Policy Important?
It's important to remember that you, the company leader, are responsible for ---
The safety and integrity of your customers' and clients' data.
The safety and integrity of your company's data.
Your customer's and clients' reputations.
Your company's reputation.
The responsible use of all internal and external technology resources by everyone in your company.
The strategic health of your company.
How Web Content Filtering Reduces Shadow IT Use
Free Password Strength Checker
Where Does Your Valuable Data Live (PDF)
How to Do a Software Inventory
Discover and Manage Shadow IT in 7 Steps (PDF)
. . . . .