Zephyrnet Logo

Shadow IT: Not a Problem or Worse Than Ever?

Date:

Click to learn more about author Jay Chapel.

Shadow IT: you’ve probably heard of it. Also
known as Stealth IT, this refers to information technology (IT)
systems built and used within organizations without explicit organizational
approval or deployed by departments other than the IT department. 

A recent survey of IT decision makers ranked Shadow
IT as the lowest priority concern for 2019 out of seven possible options. Are
these folks right not to worry?  In the age of public cloud, how much of a problem is Shadow IT?

What is Shadow IT?

So-called Shadow IT includes any system
employees are using for work that is not explicitly approved by the IT
department. These unapproved systems are common, and chances are you’re using
some yourself. One survey found that 86 percent of cloud
applications used by enterprises are not explicitly approved.

A common example of Shadow IT is the use of online cloud storage. With the numerous online or cloud-based storage services like Dropbox, Box, and Google Drive, users have quick and easy methods to store files online. These solutions may or may not have been approved and vetted by your IT department as “secure” and/or a “company standard”. 

Another example is personal email accounts.
Companies require their employees to conduct business using the corporate email
system. However, users frequently use their personal email accounts either
because they want to attach large files, connect using their personal devices,
or because they think the provided email is too slow. One in three federal
employees
 has stated they had used personal email for work. Another survey found that 4 in 10 employees overall used personal email for work. 

After consumer applications, we come to the
issue of public cloud. Companies employ infrastructure standards to make
support manageable throughout the organization, manage costs, and protect data
security. However, employees can find these limiting. 

In our experience, the spread of technologies without approval comes down to enterprise IT not serving business needs well enough. Typically, the IT group is too slow or not responsive enough to the business users. Technology is too costly and doesn’t align well with the needs of the business. IT focuses on functional costs per unit as the value it delivers; but the business cares more about gaining quick functionality and capability to serve its needs and its customers’ needs. IT is also focused on security and risk management, and vetting of the numerous cloud-based applications takes time – assuming the application provider even makes the information available.

Generally, enterprise IT simply doesn’t or
cannot operate at the speed of the other business units it supports. So,
business users build their own functionalities and capabilities through Shadow
IT purchases. 

Individuals or even whole departments may turn
to public cloud providers like AWS to have testing or even production
environments ready to go in less time than their own IT departments, with the
flexibility to deploy what they like, on demand.

Is Shadow IT a Problem?

With the advent of SaaS, IaaS and PaaS services with ‘freemium’
offerings that anyone can start using (like Slack, GitHub, Google Drive, and
even AWS), Shadow IT has become an adoption strategy for new technologies.
Many of these services count on individuals to use and share their applications
so they can grow organically within an organization. When one person or
department decides one of these tools or solutions makes their job easier,
shares that service with their co-workers, and that service grows from there,
spreads from department to department, growing past the free tier, until IT’s
hand is forced to explicit or implicit approve through support. In cases like
these, Shadow IT could be considered a route to innovation and official IT
approval.

On the other hand, Shadow IT solutions are not
often in line with organizational requirements for control, documentation,
security, and reliability. This can open up both security and legal risks for a company. Gartner predicted in 2016 that by 2020, a third of
successful attacks experienced by enterprises will be on their Shadow IT
resources. It’s impossible for enterprises to secure what they’re not aware of.

There is also the issue of budgeting and
spend. Research from Everest Group estimates
that Shadow IT comprises 50 percent or more of IT spending in large
enterprises. While this could reduce the need for chargeback/showback processes
by putting spend within individual departments, it makes technology spend far
less trackable, and such fragmentation eliminates the possibility of bulk or
enterprise discounting when services are purchased for the business as a whole. 

Is It a Problem?

As with many things, the answer is “it depends.” Any given Shadow IT project needs to be evaluated from a risk-management perspective. What is the nature of the data exposed in the project? Is it a sales engineer’s cloud sandbox where she is getting familiar with new technology? Or is it a marketing data mining and analysis project using sensitive customer information? Either way, the reaction to a Shadow IT “discovery” should not be to try to shame the users, but rather, to adapt the IT processes and provide more approved/negotiated options to the users in order to make their jobs easier.

 If
Shadow IT is particularly prevalent in your organization, you may want to
provide some risk management guidance and training of what is acceptable and
what is not. In this way, Shadow IT can be turned into a strength rather than a
weakness, by outsourcing the work to the end users.

But,
of course, IT cannot evaluate the risk of systems it does not know about. The
hardest part is still finding those in the shadows.

Checkout PrimeXBT
Trade with the Official CFD Partners of AC Milan
The Easiest Way to Way To Trade Crypto.
Source: https://www.dataversity.net/shadow-it-not-a-problem-or-worse-than-ever/

spot_img

Mobile

Latest Intelligence

spot_img