Defining Shadow IT and Its Risks
IT administrators are pretty particular about what software is used on the networks that they manage. This is not because we have any vested interest in the software itself, it’s because of the inherent reliability of the software they manage. They’ve tested it, they manage it, they know it. When an organization starts dealing with employee-downloaded software–especially if there is no procedure in place to report additions to IT–they can quickly lose control over the network.
The software that isn’t properly vetted (or even reported most of the time) is called shadow IT. Since it’s the IT administrator’s job to oversee the data security and overall effectiveness of your company’s technology deployments, shadow IT can present them with a bunch of risk. IT administrators hate risk. Today, we’ll take you through the good and bad of shadow IT.
Shadow IT is Bad
Most of the people that work with a computer have been working with similar technology for a long time. While they aren’t IT experts, they know what software works best for them. That experience will often result in them downloading software that hasn’t been approved by their company’s IT department or outsourced IT service vendor. This software, while useful for the user, may be a major problem for an organization, for several reasons.
The main issue is that any software that is downloaded may come with adware, spyware, malware, vulnerabilities, and other nefarious code that can put a business at risk. Worse yet, that software isn’t known to your IT admin, keeping it from the routine maintenance it needs to keep it from being a vulnerability. If your business carries vulnerable software, it can create a breachable hole in your network. So, while you may not see continuous problems, risk is magnified.
What are the risks? Here are a few:
- A lack of security – Without the visibility and control over network-attached resources, IT management becomes much more difficult. If there is a potential that a piece of software can put a hole in your network, you are compromising the network’s security.
- Problems with performance – If the tool that’s implemented doesn’t mesh with the system it’s installed on, the app’s performance–and thus the user’s–will be compromised.
- Compliance problems – If your organization needs to meet certain compliance standards, the presence of unmanaged software makes it almost impossible to meet said standards.
- Data loss – If IT management doesn’t know that a software is on the network, it won’t be covered by organizational backup strategies, meaning work completed using shadow IT apps won’t be backed up.
The minute you understand the risks, it becomes clear why IT admins typically don’t like shadow IT at all.
Can Shadow IT be Good?
Risky behavior can be a major problem for a business. It can also result in significant reward. According to a study conducted in 2019, there is a shift in the way that IT admins are looking at shadow IT. This is mainly the result of organizations looking to improve productivity and to use available capital more effectively. For the detrimental risk that shadow IT can bring a company, there is an opportunity to save time and cut costs.
The study, which included 1,000 IT professionals, showed that a whopping 77 percent believe that embracing shadow IT solutions can help a company innovate quicker than their direct competition. That’s not all.
- 49 percent said that shadow IT boosts productivity.
- 45 percent said that shadow IT helps promote employee engagement.
- 40 percent said that shadow IT helps promote adherence to IT security requirements.
- 40 percent said that shadow IT would help reduce employee turnover.
Effectively, two-fifths of IT admins said that shadow IT’s detriments could be ignored. That’s not to say that I know any IT administrator that would be totally okay with having unsupported applications on company-owned machines. Not one would deliberately put a gaping hole in their organization’s network to boost productivity.
What they would promote is the use of shadow IT that is brought onto the network through employee-owned devices. This practice is being shown more leniency now more than ever. After all, IT admins can’t possibly be responsible for every piece of software brought onto the network by employees. They bring laptops, and tablets, and smartphones, and IoT devices, and with all those devices, there are bound to be programs that IT admins typically wouldn’t want on there, but would accept if it kept decision makers happy and productivity high.
If you would like to learn more about shadow IT, what constitutes shadow IT, or have any other software and maintenance questions…