Home » Topics » Governance, Risk and Compliance » How businesses can overcome the risks of shadow IT

How businesses can overcome the risks of shadow IT

Avatar photoby Ben Rossi

With so much attention being given to shadow IT – the phrase coined for the increasing trend of employees going against their company’s IT policy to implement their own solutions and platforms – it would be fair to assume that the concept is a fairly new one.

As a problem faced by nearly all CIOs at various times, however, the challenge of shadow IT has a significant history.

In fact, any CIO rolling out a new IT system or initiative will probably have a tale or two about one or more employees not agreeing with the approach and installing their own software instead. So what is it that has suddenly thrown shadow IT into the spotlight?

>See also: The dangers of shadow IT

The main difference is the scale of the problem. According to a recent report commissioned by Telstra, more than a third (36%) of IT decision maker respondents already find shadow IT a challenge.

This rise is likely to have come as a result of the cloud and the rise of software-as-a-service (SaaS) solutions, which have made applications easier for employees to download, enabling them to sidestep a company’s infrastructure and their IT department’s control.

The risks

Before overcoming the problem of shadow IT, businesses’ IT departments first need to take it seriously. While the temptation for CIOs might be to turn a blind eye to shadow IT on the basis that as long as employees are happy and productive, they can use whatever programme they like, this leaves their businesses open to a number of risks.

Among the most serious of these risks is data leakage. Applications not sanctioned by the IT department but being used by a workforce will inevitably have a large amount of sensitive corporate data stored on them, but will lack the company control over that data which there would be if a company-wide system was in use.

Compliance breaches and business inefficiencies are also associated with shadow IT. When applications and software are developed, interoperability with competitors’ programmes is not a big priority for the manufacturer. This means that many of the applications and software being used by employees don’t communicate with the tools being used by their colleagues, potentially leading to decreased productivity.

Finally, and perhaps most importantly, shadow IT poses a risk of hidden costs. In other words, while businesses looking to cut outgoings may think that letting employees bring their own solutions in is a great way to save a few pounds, the cost implications of the aforementioned risks are likely to exceed the original risks and costs saved by not addressing shadow IT in the first instance.

Impact on business continuity

All of these risks, while serious enough on their own, also carry the much greater threat of impacting on business continuity.

Those businesses turning a blind eye to shadow IT and, therefore, not ensuring that the cloud vendors they use across the business have strong business fundamentals, have no guarantee of what would happen to corporate data in the event that the various cloud providers being used by their employees went out of business.

There have been instances, for example, when customers of a cloud provider have been given just one month to move their data or risk losing it forever. These types of abrupt changes lead to significant challenges in maintaining business continuity.

The same can be said about dealing with shadow IT in the event of disaster recovery. Even if an IT department has managed to record a complete overview of all the technologies a company is using, including those employees have brought in themselves, the restorative processes that would be necessary to bring these systems back online in a crisis scenario would be highly demanding, unreliable and inefficient.

IT departments should be able to restore data and applications in a unified manner, with the assurance of recovery point and time objectives that offer certainty in unpredictable times.

Linked to this is the issue of reputational damage, which is associated with every aspect of shadow IT discussed so far. Talking about data leakage cannot fail to bring to mind the number of high-profile cases involving breaches of highly sensitive information like bank details, while losing data and not being able to get systems up and running can be equally damaging to a company’s reputation.

With shadow IT, the lack of a trusted cloud provider means the burden of responsibility falls very much on the shoulders of the company and if it falls victim to one of the risks, it will be seen as not having done enough.

Overcoming the obstacles

When it comes to tackling shadow IT, then, many organisations are likely to draw the conclusion that a blanket ban is the best way of negating the risks. This, however, is not necessarily the case. Users today are becoming increasingly tech-savvy and not going to be content using yesterday’s technology.

The Telstra report found that the organisations that had the edge over others when it came to IT were those that listened and worked with their employees to implement new technologies.

While this might sound relatively simple, the research found that almost half (47%) of IT decision makers thought their organisation had higher priority IT projects than delivering technology that met the needs of end-users – making the emergence of shadow IT completely understandable.  

>See also: 5 ways to deal with shadow IT

The more accomplished IT users also identified more than half of the available collaboration tools to enable the organisation to embrace remote working. Adoption of these collaboration technologies was again more than likely to be a result of demand from end-users. This shows the increased importance of IT departments ensuring that end users are being listened to, in order to retain control of the technology infrastructure and use.

According to the report, the most commonly requested tools are laptops, remote working, online document storage, smartphones and tablets, and remote access to corporate applications. 

This range of collaboration services helps organisations communicate in better ways across time zones, cultures and geographic borders, enabling them to embrace tomorrow’s working environment today and fulfil end user expectations. The benefits of this, just like the risks of shadow IT, are felt across the business – maximising overall productivity, increasing satisfaction, and limiting the impact of shadow IT.

 

Sourced from Tom Homer, head of EMEA and the Americas, Telstra Global Enterprise and Services

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Shadow IT

Related Stories

Governance, Risk and Compliance

Two ways to improve GDPR enforcement

Martin Davies of Drata explains how GDPR is currently enforced and how enforcement could be improved across the European Union

Governance, Risk and Compliance

Four in five IT leaders concerned about data compliance

Cloudera research reveals that 79 per cent of IT leaders see compliance as the main data management concern, despite widespread investment

Cybersecurity

3 cybersecurity compliance challenges and how to address them

Earning those trust seals can strengthen relationships with board members and prospective customers, but it sure isn’t easy.

Governance, Risk and Compliance

What unbundling Microsoft Teams will mean for EU customers

In the midst of an EU antitrust investigation, Microsoft Teams is now set to be offered to businesses separately from its Office suite