Search I95 Business Magazine




Is Shadow IT Undermining your Profits and Security?
Although Seen As Convenient, Shadow IT Can Cause Real Harm

June 2017

Toby Musser, CEO and owner of MNS Group

Once upon a time your IT department or Managed Service Provider held the only keys to the digital kingdom where you needed to access to work: they controlled the software you purchased, the computer you worked on and the manner through which you shared documents with the rest of the kingdom and world. A new digital democracy has placed technology firmly in the hands of digital citizens. Now apps can be purchased instantly with not a whisper to IT on your smartphone or tablet, cloud storage and software that allows you to work collaboratively is ubiquitous. Sometimes referred to as “Shadow IT,” these information systems or solutions are used every day inside organizations like yours and have not been approved or vetted by your IT service provider. OneDrive and Goggle Drive, Dropbox, Box, unencrypted USB flash drives, Google Docs, personal email like Gmail, apps and working with sensitive data on your personal device all fall under the masthead of Shadow IT. While this freedom to download has unleashed productivity, allowing people to work from virtually anywhere, it can undercut profit and open up businesses to security breaches and liability – picture employees lowering ropes over castle walls for thieves to ascend. Most IT departments have no idea how many Shadow IT programs are used in their companies – it is sometimes even referred to as Stealth IT – and they are the ones tasked with securing and optimizing that very same environment for their users. IT departments can’t secure data or software if they don’t know that it exists or where it exists.

Why Shadow IT?

Perceived Productivity Gains, Varied Hires Across Industries

It is easy to see why Shadow IT is heavily used: with the competitive pressure in the marketplace, employees have strong incentive to search for speedy solutions to enhance the quantity and quality of work. A quick search on their personal phone will yield countless apps providing myriad solutions to their work day conundrums. What can be seen as a simple and cost-effective solution is often a misconception though – cheap apps and unsecured cloud solutions can ultimately be quite costly. Even the way current hiring is structured provides justification for the burst of Shadow IT use – companies are often comprised of a mix of full-time, part-time, temp-to-perm hires, interns and maybe even offshore resources or project specific employees working in diverse locations who need to be in constant collaborative environments.

To work effectively individuals will look to cloud solutions enabling them to share documents or seek out apps to address a specific need. Unfortunately, less than seven percent of cloud services are created for business use and considered “enterprise ready,” according to cloud service Netskope in its April 2017 Cloud Report. “From our experience, around 90 to 95 percent of cloud services that we find are unsanctioned services,” says Jervis Hui, senior security strategist for the company, “These are lines of businesses adopting niche apps for specific purposes, but without the knowledge of management.” What that means for businesses is that the software can crash, taking your data with it – as well as poor security measures with little or no customer support. Since IT departments are not in the loop, there are only limited ways to mitigate risks. Lost money, lost time, lost data – pretty risky for businesses of any size.

Vulnerabilities & Expense

Vulnerabilities in cloud infrastructure allow for able cyber-attacks – especially when updates are not run, leaving outdated versions exposed and two-factor authentication is not turned on. Malware spreads through documents and files shared in cloud storage and often collects data – one recent report from the Ponemon Institute suggests that it takes an average of 98 days for an intrusion to be detected. This leaves sensitive and proprietary data able to be shared.

Sometimes employees in the same unit will unwittingly purchase the same software multiple times – multiplying the company spend on an identical product. Gartner, a tech research firm, reports that by the end of the year 50 percent of enterprise IT expenditure is happening outside of the corporate IT budget. This can make for some embarrassing situations, too: if there are a bunch of apps and systems that can’t speak to each other (because IT doesn’t know about them) there may be customers receiving multiple invoices or multiple emails. That customer may perceive disorganization and not wish to risk trusting you with their business. Worse, without any insight from the IT department or Managed Service provider, the downloaded software or tool may contain bugs or security flaws that could affect the entire network’s security. With no oversight from the IT department to make certain the patches and updates are made companies leave the drawbridge down wide open to attacks.

What is the Solution?

As with any relationship, communication is key. Companies need to have a hand-in-glove relationship with their IT department or Managed Services Provider – a true partnership. IT is tasked with carrying out company policy and securing and managing technology. According to a study by Accenture, 44 percent of employees are dissatisfied with the devices and software provided by their employer and nearly half of those respondents say they will use consumer applications for work instead. If there are roadblocks to productivity, a good IT company will be able to provide secure, efficient and agile solutions while allowing tools that work well for staff. An attitude of cooperation is imperative – if an employee is using or considering a solution, they should feel free to share it with IT both to see if that app or software is already in use in the organization to avoid redundancies, or to see if it can be vetted for integration into the current environment. IT providers who offer the most comprehensive service will engage management and department heads to identify where there are problem areas that need attention and solve it at the root, minimizing the temptation for employees to search for their own less optimal solution. Sharing future plans for growth allows for advance planning that can minimize knee-jerk spending on less than enterprise-ready apps.

IT companies need to be open to conversation equipped with best practices to recommend and proffer policies and a can-do attitude instead of just a “lockdown everything” mindset. Trust is key between companies and IT to find a balance between embracing innovation and staying safe and compliant. I95 Content Marketing

Toby Musser is a serial entrepreneur and is CEO and owner of MNS Group, a technology outsourcing and consulting company based in Bel Air and a trusted leader in company IT management, offering managed services to support small businesses and their humans. Musser lends his time volunteering with various civic and faith based organizations believing truly that to whom much has been given, much is expected.