Is Shadow IT Making Your System Less Secure?

From mobile devices and tablets to laptops and smartwatches, the Bring Your Own Device or BYOD trend can be a blessing for employees, but not always for IT. Some would say that employees are often happier using their own devices. They may be more productive, increasing workplace engagement and have the ability to manage their work with their busy schedules. However, there is a caveat.

BYOD works best in conjunction with IT, with a thorough vetting process in place and strong security policy laid out. Otherwise, companies may find themselves in murky territory. According to IT Business Edge, 80 percent of IT pros report end users using unsanctioned devices and applications on corporate networks.

Shadow IT (or the use of unsanctioned devices and applications) causes a wide range of problems for an IT department and organization. They expose an organization to security vulnerabilities, risking both data breaches and compliance violations. Among the most common practices of shadow IT include the use of popular, consumer-grade technologies like Dropbox, Facebook and Google Drive, among others. What’s worse is when employees use collaboration tools in different departments without proper vetting. When it comes to enterprise data and the IT infrastructure, consumer-grade technologies can create a vulnerability.

How is it that shadow IT can pose such a danger to the security of an organization’s data, when it’s something that often makes employees more effective and saves time?  

A Lack of Visibility

When employees use unsanctioned applications to move and access files, IT lacks the visibility to see which files are being accessed, who’s accessing the data and where the files have been moved to. Of course, this can be a huge problem if those files are of a sensitive nature or, even worse, protected by compliance regulations. Visibility is critical to IT, allowing them to take a proactive stance in securing their infrastructure and managing their data.

Increased Security Risks

The greater security risks involved with shadow IT comes with misuse of unsanctioned mobile devices and applications, such as when an employee inadvertently shared proprietary data or sensitive customer information through an unsanctioned application. If the app was the victim of a breach and it was your customer’s data that was stolen, your organization would have to deal with the ramifications, from fines to lost business and reputational damage. 

It Doesn’t Really Save Time or Money

Shadow IT also tends to be a last-minute workaround. Unfortunately, when something goes wrong, the employees that used the unapproved workaround find themselves seeking help from IT. Sometimes IT can help, and sometimes not. In the end, it can waste a great deal of time trying to fix a problem that could’ve easily been prevented.