The dangers of Shadow IT for businesses
Shadow IT refers to the common practice when an employee or a department outside of IT install unauthorised applications or software for business use that are not approved by the organisation’s IT team.
This can pose major security threats for an organisation, as without the right consent, deployment of applications and software can be opening up an otherwise secure network to malicious cybersecurity attacks.
Many employees decide to use unauthorized applications because they offer better flexibility, collaboration or file sharing than some organisations currently allow.
Whilst many companies have strict rules about what information is shared outside of the organisation - with some even going as far as a ban on external hardware such as USB sticks or disks - these rules are quickly bypassed when employees are able to download free consumer file sharing applications such as Dropbox or Google Drive, and export or send company-owned files outside of the organisation.
Gartner predict that by 2020, a third of security attacks will be as a result of shadow IT resources.
This poses a great risk for organisations as without having a procedure in place to detect shadow IT applications, this makes the organisation extremely vulnerable.
In addition to this, it is more difficult for IT departments to detect between shadow IT and genuine bad actors infiltrating the system.
We are already seeing the real life consequences of this, with the CIO for the Department of Transport discovering it’s network was compromised by shadow IT after trying to roll out Microsoft Office 365 and finding hundreds of unauthorised devices across its sprawling network (CIO.com).
How do you overcome the use of Shadow IT in your organisation?
- Listen to your staff: Quite often employees are installing additional software or applications because their needs are not fulfilled with the current technology they have available to them. Business technology needs to make a substantial effort to keep up with consumer technology, as consumers are demanding technology that allows them to be ‘always on’, allowing collaboration, information sharing and social interactions at a time that suits them, and these consumers are also your employees. Many organisations are still stuck in the past and although their corporate infrastructure hasn’t evolved to cloud technology, the way their employees are working has. By asking employees the kind of technology they want to be using, you put the decision back in their hands but retain control, meaning your IT team can roll out the solutions people want to use in line with business systems management procedures.
- Bolster your security: A lot of these apps and consumer software tools are downloaded from the internet. An easy fix would be to filter these kind of sites so your employees can’t receive access. A simple block soon let’s them know that there is a reason the IT department wouldn’t want them to be accessing this kind of content, and therefore may encourage them to enlist the advice and support of the IT team, instead of going it alone. You also need to make sure you have the right network security in place to counteract any threats that could come along with these installs. Additional software means additional points of entry for an attack, so you need the right security in place to be able to detect threats before they happen.
If you’re interested in discussing with Smoothwall whether you have a Shadow IT problem, and how our solution may help you overcome it, contact us today.