The IT department is responsible for all things IT. Sounds pretty straightforward, right? Wrong. Hidden in the dark and shrouded in mystery, shadow IT breathes. But what is shadow IT exactly? Today, we answer five of the most frequently asked questions about shadow IT.
The name says it all: shadow IT takes place in the shadows – and the IT department is left in the dark. In short, shadow IT refers to all forms of IT that take place outside of and without knowledge and/or approval from the IT department. Normally, the IT department uses its expertise to select or approve new hardware or software for the organization. With shadow IT, other departments than IT or individual users use tools or devices that the IT department doesn’t know about.
With the sheer amount of available web and cloud-based technologies and applications, using your own IT resources has become easier than ever. Anyone can easily download and use IT tools through a web interface with little to no involvement from the IT department.
Most business departments want to innovate faster than the IT department has resources for. According to this Gartner report, only 40% of total IT investments comes from the IT department itself. Business departments simply find their own solutions: they actively invest in IT software that supports their innovation efforts. This may include investing in a new application or platform or enlisting the help of an external IT consultant.
Bring Your Own Device (BYOD) is great for a number of reasons. For one, employees get to work exactly the way they want: whether they like using a Samsung tablet, a MacBook, or a Xiaomi smartphone. But BYOD also has a dark side. Using personal devices to log onto the company network may cause huge security risks. Especially when personal devices are outdated or use dubious software – a hacker’s dream come true. Keeping track of all devices? IT’s worst nightmare.
Find out which 5 IT security nightmares keep you up all night >>
Now that almost everyone is working from home, employees have to find new ways to stay connected to their team and coworkers. The solution? Online tools and applications such as Microsoft Teams, Miro, and Trello. Usually, a team or department simply downloads a new tool and the rest of the organization automatically follows suit. The result? A snowball effect. All of a sudden, the organization uses eight different tools – and no one has involved the IT department or thought about how these applications handle personal data.
Read all about maintaining security while working from home >>
Some departments are extremely responsible. So responsible, in fact, that they handle asset management themselves instead of having centralized asset management run by the IT department. Such departments have their own, private IT stock.
So, what happens when an employee leaves the organization? They hand in their laptop at their department and think they’re done. Weeks later, they get a call from IT, asking about the laptop. Meanwhile, the department has already handed out the laptop to a new employee. The IT department has no idea how many IT assets they have, where they are, and whether something is missing.
"If you can’t see it; you can’t control it" definitely rings true for shadow IT. Shadow IT creates invisible risks that the IT department can’t address because they don’t know about them in the first place. It also increases the attack surface of the organization, making it more susceptible to data leaks, for example.
The IT department is responsible for security, compliance, and privacy in the organization. Shadow IT poses a genuine threat to all three of these, especially in larger organizations. The more applications, tools, and devices there are, the harder it is to control them.
You simply can’t avoid shadow IT, no matter how hard you try. Using your own IT resources has become easier than ever with the boom in web and cloud-based technologies and applications. This doesn’t mean you should just accept it and move on. You should still shut down anything that’s actually dangerous or poses too great a risk.
But there’s also another solution: education. Invest in more awareness of how important security, compliance, and privacy are. Most users are simply unaware of the implications when they sign up for Trello or log onto the company network using an outdated device. Next, set up simple guidelines that users have to follow when using their own hardware or software, such as multi factor authentication.
To make the most of innovation and avoid the risks of shadow IT, the IT department and the business departments need to join forces. On the one hand, the business departments need IT for their knowledge and expertise. On the other hand, IT wants to make sure the business departments invest in a safe solution that they won’t have to lose any sleep over.
So how do you partner up with the business? Offer your services and make sure the business departments know where to find you. Take on an advisory role in every innovation project, from the orientation phase until the implementation of a new tool. A win-win situation: the business departments get to innovate, and IT gets to sleep at night (and profit from the business departments’ innovation and budget).
From shadow IT to swarming and ITIL - subscribe to our blog and get the latest service management content delivered straight to your inbox.