Shadow IT is a growing problem, especially with the emergence of the cloud. Users can easily obtain cloud services simply by filling out a form and entering a credit card number. In fact, Gartner estimates that shadow IT comprises 30 percent to 40 percent of IT spending, while Everest Group research found that more than half of IT spending is tied to shadow IT. Of course, it's virtually impossible to measure the full scope and cost of shadow IT because users aren't going through proper channels.
Shadow IT comprises any technology, application or service that is used without the approval or knowledge of the IT team.
For example, if an employee uses Dropbox to share files without going through protocols for requesting, acquiring and using such applications, this would be considered shadow IT. Even an employee-owned smartphone is part of shadow IT if the device hasn't been approved for work use. Shadow IT can also include popular services like AWS and Salesforce if subscriptions don't go through the IT budget.
The reasons users turn to shadow IT are straightforward.
If users perceive the organization's approved tools to be inadequate and discover other tools that can help them be more productive, they'll replace what they feel is not working with something better. Going through the process of making a request and awaiting approval, which may never come, is more of a hassle than it's worth. Employees also prefer to use familiar, easy-to-use tools that are compatible with their devices, whether or not they're approved by IT.
The term "shadow IT" has a bit of a dastardly connotation, but many of the tools aren't inherently dangerous, and employees are rarely acting with malicious intent. They just want to find a better way to get their work done.
Problem is, users either don't know or simply ignore the risks they create in the name of convenience. Gartner estimates that about one-third of successful attacks on organizations will be carried out through shadow IT tools. That's because IT doesn't have visibility or control of unapproved tools and services, which leads to security gaps that make systems more vulnerable to attack.
Beyond security risks, shadow IT can cause performance issues when certain software isn't compatible with core IT infrastructure. More tools competing for bandwidth can also create connectivity issues. If IT doesn't know a tool exists, they can't back up the data used within that tool, which increases the risk of data loss. Data becomes siloed and, therefore, more difficult or even impossible to manage and monitor. Additionally, many shadow IT tools don't meet regulatory standards and could lead to unpleasant surprises during a compliance audit.
You may never eliminate shadow IT, but there are ways to rein in shadow IT and limit risk while keeping employees happy.
What shadow IT tools are being used and why? Do they present a security risk? You may find that your employees are right, and your organization should be offering something different. Evaluate shadow IT tools and see if it would make sense to bring them out of the shadows. Explore new tools that would deliver similar benefits with less risk. Also, consider segmenting your network so that employee-owned devices and tools won't affect business operations.
ICG can also help you leverage the cloud to create an IT environment that makes employees less likely to turn to shadow IT. Let us show you how to offer tools and services in a way that's more flexible, more accessible, and more aligned with the needs of your employees.









