Shadow IT: Defined, Explained & Explored.
This post is written by Julie Adams, a Communication & Content Specialist at DisplayNote.
Shadow; the word tends to evoke negative connotations. Clandestine activities that unfurl in dark places, away from watchful eyes.
Shadow IT Platforms somewhat encapsulate this sentiment too. A growing concern in the workplace, many organizations have witnessed a dramatic rise in the prevalence of outside IT solutions; but is it inevitable in a digital world, or just a problem that needs addressing? We discuss it all below.
What is Shadow IT Use, you ask?
Shadow IT is the use of IT-related hardware or software in an organization without the knowledge or oversight of IT or security. Individuals or departments bypass the IT department, opting for solutions and services from third parties, not on the organization’s ‘approved’ list. Given the rapid transition to cloud-based computing and personal device use in the last few years, it’s easy to see how this can come about.
There are three different forms of Shadow IT use:
- Hardware – Laptops, PCs, tablets, and smartphones.
- Packaged Software
- Cloud services – this includes SaaS (software as a service), IaaS (infrastructure as a service), and PaaS (platform as a service).
Would you like an example?
It’s Monday; you’ve got a call with a client in another country. You decide to bring your personal laptop (it’s a bit lighter and easier to use) into the meeting and connect it to the screen, using it to launch a Zoom call on the meeting room screen (even though your business uses Teams).
You and a few other members of your team are working on a substantial project. You find an online productivity app that helps manage task allocation, keep files in a central location, and automate workflow. Great.
Why has Shadow IT become more prevalent?
The rapid adoption of cloud-based services is partly to blame for the soaring levels of Shadow IT. Over the past five years to ten years, the technology market has experienced a seismic shift. Increased digital literacy, reduced purchasing costs, and a plethora of choices have led to the consumerization of IT. Arguably, technology is now more accessible than it ever was. Individuals now feel comfortable purchasing their own devices, downloading apps and software, and using these tools both at home and in the office.
Surely this can only be a good thing, right?
Well, yes, the democratization of technology is generally a good thing. It reduces barriers to entry for jobs, increases autonomy, and decreases reliance on expensive, overly complicated legacy software.
Then what’s the problem with Shadow IT Use?
Shadow IT can open your organization up to:
- Data privacy risks – sensitive information can be more readily accessed by outside sources.
- Compliance issues – regulatory compliance is difficult to enforce when employees use software and applications without the IT department’s knowledge.
- Enterprise security risks – if members of the team have poor password habits (like using the same password for company logins and third-party applications), company systems can be easily entered by outsiders.
While employees using other technology isn’t inherently malicious, it does leave organizations open to security breaches, more help queries, and a lack of unified digital strategy. Hundreds of unauthorized apps are used across a standard company. Although most are harmless, some include functionality like file sharing and storage, which can leave sensitive information and data vulnerable to access. This security gap is perhaps the most concerning issue, particularly given the impacts cyber-attacks can have on a company.
$3.86 million, the average cost of a single security breach for a business (IBM, 2020)
Digital security and cyber-attacks are concerns many organizations have cited in response to the global shift to home-working this year. It remains difficult for companies to implement the same stringent security protocols as they did in the office. There has been an increase in the reported number of phishing scams, dark web tactics, and corporate attacks in the past nine months. With many workers now relying on home networks and personal computers to carry out their tasks, many criminals are exploiting online vulnerabilities.
How can you prevent Shadow IT use?
1. Chat to your teams
This may sound overly simplistic, but by surveying your employees, you can easily establish what type of services and software they’re using and how often. You might find that many employees don’t actually realize they’re taking part in Shadow IT use.
2. Track your network traffic
By conducting a scan, you can identify the different systems and software using your network. If there’s a discrepancy between the amount you find and the number of approved programs, you know that Shadow IT is happening. It’s useful to schedule a scan at least once a year, as it will help give you a picture of the scale of the issue.
3. Identify what your current system is lacking
Shadow IT use isn’t a problem; it’s a symptom. Just as smoke is a signal of fire, Shadow IT is a sign that your employees aren’t getting everything they need from the current IT set-up. This can feel like a bit of a bitter pill to swallow; you’d like to think your organization is giving its people everything they need to do their jobs. But the reality is it’s hard for an IT department to fully understand and anticipate the demands and idiosyncrasies of any specific department.
Instead, you can look at this as an opportunity for improvement. IT and other departments can work together to identify gaps, places where systems can be improved, and how to do so safely and securely.
4. Implement technology solutions that limit Shadow IT use
Humans are curious by nature; it’s hard to avoid. We go places we shouldn’t; we touch things labeled ‘don’t touch,’ and we find ways to go around rules. Sometimes, the best solution is to guide people through prompts and nudges – like a fence to close off an out-of-bounds area or a ‘look right’ sign at a traffic crossing.
This is something we thought about at length when designing the Kiosk Mode feature of our meeting room solution. Sitting as the interface on your meeting room screen, Launcher’s Kiosk Mode puts the IT Administrator firmly in control of what can and can’t be accessed on the meeting room screen. Pre-authorized apps can be loaded and pinned to the home screen. The PIN-protected settings mean only those with authorization can make changes to the system – an easy way to eliminate Shadow IT platforms in the meeting room.
Would you like to see Launcher’s Kiosk Mode in action?
Want to stay in the loop?
Keep up-to-date with everything DisplayNote – including new releases, job openings, and customer giveaways.
Don’t worry, we’ll not spam you and we’ll never share your email with anyone