Shadow IT can lead to innovation, but Shadow IT risk can also be a security nightmare
Just as the name suggests, shadow IT refers to free or paid applications that employees use in the shadows of the IT department’s knowledge or approval. From here stem Shadow IT Risk and Reward.
Not only have these applications not been authorized, controlled or supported by the internal IT team, but often they aren’t in line with the organization’s requirements for data management, security and compliance.
However, many consider shadow IT to be an important source of innovation, enabling employees to work in an efficient manner that appeals to them and can lead to a prototype way of working that benefits the entire business. From the beginning of the bring your own device (BYOD) movement and the increase of the millennial workforce, shadow IT has had an ever increasing impact on organizations.
Shadow IT can be a security nightmare. Especially when you consider that those members of staff who are likely to use their own solutions will inherently be from the generation of risk takers who are inherently less concerned by the need for all-encompassing security measures. So, how can businesses protect themselves from this Shadow IT risk and how should businesses decide their own risk profile?
Allowing personally chosen devices in the work environment has led to the adoption of employee chosen applications to access or manage corporate information and data. The general consumerization of IT and the trend for staff to bring in their own devices has meant that every employee is now a potential user of shadow IT, easily deploying mobile applications. It is no longer just rogue, tech-savvy staff wanting their own tools.
It is wrong to discuss shadow IT without examining the benefits it can bring in innovation. A recent Frost and Sullivan report entitled The New Hybrid Cloud showed that 49 percent of staff are comfortable using an unapproved application, because using them helps them “get their job done more quickly and easily.”
The rise of shadow IT may actually inject a healthy dose of innovative thinking into organizations, so shouldn’t be disregarded from the start. Not to mention, shadow IT applications are often far cheaper than their ‘official’ counterparts procured through the IT department.
Some of the world’s largest companies are discovering that instead of trying to drive out shadow IT, it is best to embrace it as part of a wider culture of innovation. Adriana Karaboutis, VP and global CIO of Dell recently said, “I don’t chase shadow IT, I chase innovation. When you work in a technology company and have 110,000 best friends that understand technology well and probably even better than you do, you have to be out there working, listening and determining how you can create even more value for the employees and customers that you serve as opposed to being defensive about owning IT.”
Organizations need to be able to monitor an individual’s data flow at the most basic level, regardless of whether users are in-office or mobile. Solutions such as cloud application control (CAC) can provide businesses with this visibility and the ability to discover, analyze and control all the information staff are accessing or sharing – whether across authorized or unauthorized applications. It is about managing security risks without stifling innovation. By ‘following the user,” businesses can ensure that employees are safe and secure at all times, whether they are using authorized applications or those from the shadows.