Tech Tip: For Your Business, Shadow IT Might Be Lurking

Shadow IT is a considerable problem for businesses that rely on IT in their operations. Let’s take a quick look at what Shadow IT really is and how it can impact your business. We’ll also discuss ways you can avoid it.

First, let’s define what Shadow IT is.

Simply Put, Shadow IT is Stuff You Don’t Know About

The best way to describe Shadow IT is any application that’s on your business’s network without the knowledge or approval of your IT department. Keep in mind that Shadow IT is not inherently malicious, however. It could be done with good intentions. But, according to the definition, if it is unknown to your IT department and unapproved, it’s Shadow IT.

Why is Shadow IT a Big Deal?

In most cases, Shadow IT is not malicious, and it stems from an employee hoping to do their tasks better. If one of your team members, for example, suddenly loses access to their preferred spreadsheet software, they might install something from the Internet just to get the job done quickly and efficiently rather than bother your IT department with the details. Unfortunately, this behavior can create problems for your business.

First, consider what’s happening when an employee downloads a program from the Internet. Who knows what else is coming along for the ride? A threat could easily be hidden within the code of their new application. The employee may also have downloaded an illegal copy of the software rather than having paid for it, which would of course be piracy. Compliance is also an issue, as the data involved with these software solutions might not necessarily be subject to the same protections as on your in-house network or systems. And that’s not even mentioning collaboration—how can your employees work collaboratively if they don’t use the same tools?

Despite the best intentions, Shadow IT can therefore create more problems than it solves.

Shadow IT Comes in Many Forms

Shadow IT can show itself in various ways, including:

  • Unvetted and unauthorized hardware and devices, used outside of a Bring-Your-Own-Device (BYOD) agreement
  • Cloud services that are not handled by the business
  • Software and applications that IT has not approved
  • Personal accounts being used to store your business’s data outside of your control

How to Deal with Shadow IT in Your Business

Here are some of the steps your business can take to mitigate shadow IT on its network. Your IT team needs to:

  1. Keep Track of All Technology Resources. A comprehensive list of IT resources can help you realize when something doesn’t quite belong. This list should be accessible to whoever does your routine network maintenance.

  2. Keep an Eye on Your Network. Similarly, monitoring your business’s network can help you determine when something isn’t going quite right. It can catch Shadow IT before it even surfaces.

  3. Keep Strict Guidelines in Place. Regulations and guidelines are not going anywhere, so you need to make a concerted effort to ensure your business — and your employees — are adhering to them. This might mean blocking the use of unapproved solutions until your IT department has had a chance to review them.

Shadow IT can pose some serious problems for your business if you don’t have a policy in place to handle unsupported applications. If you need more information about how to keep shadow applications off your network, or how to provide your staff the resources they need as a part of a supported software profile, give Computerware a call today at (703) 821-8200. To learn more, go to:

Alan Edwards, CISM, is chief information officer at Computerware, Inc., in Vienna, Virginia.




Leave a Reply

Your email address will not be published. Required fields are marked *