SecurityTrails Blog

Shadow IT and Its Security Risks - Managing the Unseen



Cloud computing is beneficial. Many organizations already know this and are reaping the benefits cloud adoption has brought them: reduced IT costs, scalability, collaboration efficiency and, above all else, flexibility in accessing storage and software to meet their needs. Users can now more easily engage services and solutions that will make their everyday jobs easier.
That flexibility, however, is a double-edged sword. And you might be wondering how it can possibly be a bad thing, especially when it makes everyone work more efficiently. The thing is, many of those solutions and software your employees gain access to aren't under the governance of your IT department. While IT usually enforces policies that dictate the software, hardware and other resources used within the organization, with oversight regarding how they're used, the introduction of cloud computing means users can much more easily access resources they need with limited visibility from IT. So yes, using these resources can improve productivity, but their introduction without the governance and approval of an organization's IT department can lead to numerous security risks, data loss, non-compliance and exponential growth of the attack surface.
What is shadow IT?
When something is in a shadow, you don't know what it is. You don't know if it's malicious or completely harmless. How can you even begin to handle and manage something for which you have no overview? Well, your organization's IT has its own shadow. It's appropriately named "shadow IT". Shadow IT is the use of systems, devices, software, apps and services without approval from an organization's IT department. Most users who employ unauthorized solutions don't do it with any ill intention but to be more productive at their job. Shadow IT can include:
Hardware and physical devices - smartphones, tablets, IoT, flash drives, external drives.
SaaS, PaaS, IaaS, and other cloud services - productivity apps, messaging apps, cloud storage.
Data repositories such as spreadsheets with internal data.
APIs.
VPNs.
Commercial off-the-shelf software.
Shadow IT is not all bad, though. While some may view it as a potentially dangerous nuisance that needs to be addressed and prevented, others see it as an innovation-driver and the natural manifestation of an ever-changing business environment's constant need to catch up. No matter what your stance on shadow IT, it's here and it's staying.
Why is shadow IT so prevalent?
If there are employees in an organization, there is shadow IT. Statistics show that 80% of end users use unapproved software and services. There was a time when shadow IT meant mostly software that impatient employees had downloaded and used, but it was neither as prevalent as today's packaged software nor as easy to engage. It was certainly not as easy as the click of a button, which the adoption of the cloud has introduced. Shadow IT now includes personal technology and devices that employees bring in, a practice spread further by remote work and BYOD policies. Rapid growth of the business landscape has increased the need for additional applications that can make employees' daily tasks easier and more efficient. The numerous business, productivity, storage, automation and other applications available in the cloud drive innovation, productivity and efficiency.
It's easy to see why they're so enticing and why employees don't hesitate to download and employ these apps. Some corporate solutions might not only be incompatible with users' devices, they might also be slower, outdated and less effective. Combine this with the often long and tiring process of seeking approval from an IT department, and we can begin to see why shadow IT is continuously growing. One thing is certain: shadow IT is inevitable, so rather than trying to "fight it", it is more fruitful to understand its risks and the appropriate way to manage it.
Risks associated with shadow IT
There are numerous cybersecurity risks associated w...
By SecurityTrails