Is shadow IT as shady as it sounds?

Shadow IT skulks in organisations big and small. The shade has spread in scope and volume across many businesses.

It sounds ominous. The connotations of technology operating in the shadows scarcely breed confidence. The term ‘shadow IT’ alone conjures images of the criminal world, of the dark web and security breaches.

But is it as shady as it sounds? Here, we shine a light on shadow IT.

Casting a shadow

First, what is shadow IT? The term refers to any business technology that’s used without the support or knowledge of the organisation’s IT department. This includes both hardware and software that’s unsupported by the IT team.

Shadow IT is on the rise for several reasons. One of the most prevalent reasons is its convenience. It’s much easier to just download or log in to your preferred application than it is to go to your IT department, make a use request, explain your need and (potentially) get it approved. This is further aggravated by impatience when having to wait for permission in the first place.

Shadow IT is also growing alongside cloud computing models. (For example, SaaS, PaaS, and IaaS.) As more and more useful applications are becoming easily available via the cloud, more people are choosing to use them to help with their daily workloads. They can instantly onboard with countless cloud-based offerings promising a quick solution to their problem.

So, shadow IT is a product of ready availability and rapid deployment. The outcome is that more activities and projects can and are being carried out with a third-party service, rather than through the internal IT department.

The risks of the darkness

Shadow IT can be a problem when mismanaged. The programs and devices that fall under the label aren’t vetted by the IT department. As a result, they carry with them the potential for risk and difficulties.

The most obvious risk of shadow IT is that of security. Unsupported applications don’t endure the same level of security checks as those the IT department approve. So, they are more prone to security vulnerabilities and issues. To make matters worse, if these applications handle any of your data, it can mean you’re facing compliance issues.  

Shadow programs can also present problems when it comes to system integration. They may not want to communicate with other programs in the system. As a result, data can end up in shady siloes, as information cannot flow freely through the business.

The benefits of the shade

However, when well handled, shadow IT can offer benefits to organisations.

To start, shadow IT has become a way for team members to embrace and enjoy innovation. It unlocks tools and ideas that might not have been available otherwise. This is particularly true for cloud computing applications in companies resistant to change. Shadow IT becomes a way to use new applications that make workloads easier to manage.

With the right shadow IT, productivity also benefits from a boost. The applications and devices that team members bring into a company are ones that they know how to use. They’re applications that suit your team member’s needs in the way they want.

So, teams can get on with the task at hand, instead of jumping through hoops. They don’t waste time trying to get the program approved. And, they don’t have to work with outdated solutions that don’t solve their pain points well enough.

What can you do about shadow IT?

The thing about unsupported programs is that they are increasingly unavoidable. However, so is your obligation to ensure security and compliance within your IT systems. So, here are a few tips to help you reduce the risks of shadow IT. 

  • Stay aware of what’s going on

Meet regularly with different departments and find out what shadow IT they use (if any). Have discussions with teams about any issues with the official approval process. Know where your data is and do your best to keep track of new devices and software.

  • Create policies for acceptable use

Establish clear rules and guidelines about new devices and applications. For example, not storing company data on an unapproved or personal program.

  • Make it easier to have an application or system approved

Where possible, streamline the application approval process. Make it quick and easy to get an application approved or rejected. You need to be able to not only listen to your team members, but to react to their requests efficiently. The approval and implementation process shouldn’t disrupt their day.

Not so shady

As with anything, ignoring and mismanaging shadow IT leads to more problems. But shadow IT doesn’t need to be as shady as it sounds. With the right level of understanding and preparation, it might be time to view shadow IT in a new light.

Useful links

XaaS explained: an as-a-service overview

GDPR and the dark web

Tech innovation: is our obsession unhealthy?