The Hidden Risks and Opportunities of Shadow IT

    Shadow IT, the undocumented use of equipment, software, and services unknown to a business’s IT staff, can lead to serious consequences. Unmanaged technology can increase attack vectors, create software licensing issues, leave critical data unprotected, and even tarnish your business’s reputation.

    It’s a problem that can be found in many businesses. Gartner estimates that Shadow IT accounts for 30-40% of IT-related spending in large enterprises, and a survey by NTT Communications found that 83% of participants reported employees storing data in undocumented cloud services.

    Elements of Shadow IT are often introduced by employees with good intentions, looking for solutions to problems or new efficiencies without understanding the risks. From an employee’s perspective, this may be a way of removing red tape or an inefficient process that hinders progress. From an IT department’s perspective, it’s security issues, software-related fines, and other potential damages.

    While Shadow IT may seem scary, and when unchecked it certainly can be, it also presents you with an opportunity to find new ways to give your business an advantage.

    Shadow IT can be risky business

    Elements of Shadow IT discovered in businesses are most often pieces of software and services that offer a benefit to employees. The problem, however, is that the resources are not implemented with proper evaluation by your IT staff or other professionals. Valiant’s pyramid, a part of our philosophy on network design, begins with stability. Stability and all tiers of the pyramid above it are placed in jeopardy when unknown elements are incorporated into a business’s technology – and can prevent growth.

    Each piece of Shadow IT presents numerous risks. If an element’s origin is unknown and isn’t genuine, it can create additional attack vectors and piracy concerns. Beyond piracy, a single piece of unknown software can halt operations across an entire business and impact revenue generation.

    Undocumented software and services that are used to store data place your business’s information at risk. If an IT department is unaware of a piece of software in use, it and the data related to it are unlikely to be protected, and your IT staff may not be able to provide a protection solution. If the data wasn’t protected and is now gone, it’s gone.

    Combatting Shadow IT

    Identifying and removing elements of Shadow IT from a business can involve many approaches, from automated software to manual searching, and a combination is often used to perform a thorough discovery process.

    Microsoft’s Cloud App Security can be used to discover Shadow IT elements. Microsoft Cloud App Security is a security access broker that provides visibility, control over data travel, and analytics to identify and combat cyber threats across Microsoft and 3rd-party cloud services.

    Manually seeking data stored on your network that isn’t protected by backups is another way to discover Shadow IT elements within your business. Start by reviewing the amount of data, department by department, protected by your existing backup strategy. If you notice irregularities across backups over a period of time, for example, a decrease in data storage, you’re likely to find Shadow IT lurking nearby.
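
    One way to automate the department-by-department backup review described above, as an added example that is not from the original article: it flags any snapshot where a department's protected data falls well below its own recent baseline. The CSV layout, the three-snapshot baseline, and the 20% threshold are assumptions, and the sample data is constructed.

```python
import csv
import io
from collections import defaultdict
from statistics import median

# Constructed sample: weekly totals (GB) of data covered by backups, per department.
SAMPLE_CSV = """date,department,protected_gb
2024-01-07,Finance,410
2024-01-14,Finance,415
2024-01-21,Finance,421
2024-01-28,Finance,424
2024-01-07,Marketing,880
2024-01-14,Marketing,895
2024-01-21,Marketing,902
2024-01-28,Marketing,610
2024-01-07,Sales,300
2024-01-14,Sales,296
2024-01-21,Sales,305
2024-01-28,Sales,299
"""

def load_history(text):
    """Return {department: [(date, gb), ...]} with each list sorted by date."""
    history = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text)):
        history[row["department"]].append((row["date"], float(row["protected_gb"])))
    for points in history.values():
        points.sort()  # ISO dates sort chronologically as strings
    return history

def find_backup_drops(history, baseline_len=3, max_drop=0.20):
    """Flag snapshots more than max_drop below the median of the prior baseline_len snapshots."""
    findings = []
    for dept, points in sorted(history.items()):
        for i in range(baseline_len, len(points)):
            baseline = median(gb for _, gb in points[i - baseline_len:i])
            date, gb = points[i]
            if baseline > 0 and (baseline - gb) / baseline > max_drop:
                findings.append((dept, date, baseline, gb, round((baseline - gb) / baseline, 3)))
    return findings

if __name__ == "__main__":
    for dept, date, baseline, gb, drop in find_backup_drops(load_history(SAMPLE_CSV)):
        print(f"{dept}: {date} protected {gb:.0f} GB vs baseline {baseline:.0f} GB ({drop:.0%} drop)")
```

    A flagged drop is a prompt to ask the department where the data went, not proof of Shadow IT; archive jobs and retention changes produce the same signal.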

    Establishing firm policies on the use of undocumented software within your business can help prevent future occurrences of Shadow IT. A clear data protection policy that outlines what information and locations on a network are protected will also help curb Shadow IT by making it clear that work performed by employees may be lost if undocumented software is used – making employees liable for data loss from the use of Shadow IT.

    Policies are often most effective when paired with training, and Valiant offers Security Best Practices training for our clients, helping employees identify and understand common threats and how to avoid them.

    Leverage Shadow IT to find opportunities

    The discovery of Shadow IT elements in your business can be a negative situation – with a very positive outcome.

    Employees often want to use the latest technology that will enable them to be more productive and collaborate with each other in ways that unlock efficiencies that cannot be reached with existing resources – and don’t want to wait for them to become available company-wide.

    If you discover Shadow IT elements in your business, don’t treat them like a security incident, but as a signal from your staff that it’s time to evaluate your current technology with the goal of improving operations, security, and other areas critical to growth.

    Are you concerned about the potential for Shadow IT to be lurking within your business? Contact our sales team to learn more about Shadow IT and how we can help turn risks into rewards.

    Matt has spent the better part of 2 decades building systems, managing IT departments, and developing websites and applications for the education, publishing, and technical service industries. As an MCSE...
