Security Sense / Threats

Shadow IT: The hidden danger

- by Dustin Wilson - 3 Comments.
computer code
RSS
Follow by Email
Facebook
fb-share-icon
Twitter
Follow Me
Tweet
LINKEDIN
Share

Shadow IT, a term that just sounds insidious. Surely it is something that governments use as a tool for state-sponsored cyber wars, right? The term suggests hidden technologies, lurking in the background. Software and hardware that exist only for malicious purposes. Surely shadow IT is something dangerous, something to be feared.

You might be surprised to learn that shadow IT most likely exists in your organization. Even more shocking is that it almost certainly was not put there by an agent of espionage. Techopedia defines it as “IT solutions and systems created and applied inside companies and organizations without their authorization.” This term most often refers to solutions implemented by an organization’s own employees.  Is it dangerous? Absolutely.  Though you might also be surprised to learn that shadow IT is not always a bad thing.

Where does shadow IT come from?

A recently published article by Forbes explained what many in IT professions already know to be true: tech-savvy professionals are usually to blame.  The rapidly changing face of business often means that existing personnel find themselves overwhelmed by increased responsibilities. An organization’s employees may find themselves constrained by slow change management and product approval processes. That, combined that with ever-increasing workloads, leads IT personnel and other innovative professionals often to turn to unauthorized products to help them better manage their workloads and to be more productive.

Shadow IT is a broad term, encompassing all technologies that are not formally approved by an organization. It comes in many forms and can exist as unauthorized cellular hot-spots, personal computing equipment, or as software and services. Shadow IT is increasingly present in the form of cloud services as they present versatile capabilities that people are likely to use and become familiar with in their personal lives.

Dangers of shadow IT

Unauthorized and uncontrolled networks, hardware, software, and services present several challenges to keeping a secure and efficiently managed network environment. Unauthorized applications of a different version or type than what is standard for an organization can spoil data and introduce difficult-to-audit transactions.  This can pose a significant headache for organizations who must comply with federal, state, or local information protection regulations. Untested applications can also result in networked systems not operating as expected, creating more work for administrators who must troubleshoot problems. Also, because the unauthorized software is non-standard, it is generally not able to be managed and updated regularly, often leaving the network open to known software vulnerabilities.

Cloud services pose an entirely different set of troubles. Frequently, these services provide easy and portable online storage.  This is convenient for the individual who wants access to their personal files on the go, but can be detrimental to an organization with sensitive information to protect.  Cloud services such as Google Drive and Microsoft OneDrive allow individuals to easily upload any information onto internet-based storage using only their web browser. Because cloud services can very often be used through the web browser and are not dependent on a user installing software, employees can potentially use whatever they want without requiring administrative credentials.

Benefits of shadow IT

If it is a secret that IT personnel have long used whatever technology they want, it is not a well kept one.  They frequently create or find unique solutions to unique problems for the benefit of the systems that they are charged with administering.  Also, before the presence of cloud services, IT professionals were the frequently the only ones with the credentials to install software and the knowledge of the various products to be installed.  In the past, most tech-savvy employees were IT personnel, but as technology has engulfed our society, that is no longer the case.

Technological literacy is becoming the norm instead of the exception and companies are benefitting from it. Employees who work in specialized fields who also understand modern technology are in a unique position to find and suggest new technological solutions to their problems and challenges. As stated before, this is often the reason for the existence of shadow IT within an organization. Tech-savvy employees can identify products and services that improve their work efficiency and productivity, saving the organization time and money.

Addressing shadow IT in your organization

Acknowledging that you may have a problem is the first step to recovery. Simply ignoring the existence of unauthorized IT in your organization will not make it go away.  Unfortunately, the technological solutions to eradicate it may hamper the usability of your IT and would eliminate opportunities to improve business processes by embracing shadow IT. In their article on this subject, CIO explained how an organization can turn shadow IT into a strength.

Untested and unapproved products should not simply be allowed to exist. Instead, organizations can search for products that are in use and analyze how they impact their organization. By testing them in a sand-boxed environment, organizations can understand whether the products pose a threat to their network, how they interact with the rest of the network, and whether or not the products present compelling benefits. By embracing new technology proposed by the organization’s own employees, the organization can encourage their staff to self-identify potential solutions, rather than hide them.  This reduces the potential risks of having unknown and untested IT on the network and the organization can benefit from the ingenuity of its employees.

Related Posts

Employees are your lifeblood and your greatest threat

security

3 basic types of security controls to protect your business

lessons learned

Small business can learn a thing or two from big corporate data breaches

About Dustin Wilson

I have been working professionally in Cybersecurity since 2011. I earned my A.A.S. in Computer Science, a B.S. in Cybersecurity, and am currently working on a M.S. in Cybersecurity. Prior to working in this field, I was a computer programmer for nine years.

View all posts by Dustin Wilson →

3 Comments on “Shadow IT: The hidden danger”

  1. Wow that was unusual. I just wrote an really long comment but after I clicked submit my
    comment didn’t appear. Grrrr… well I’m not writing all that over again. Regardless,
    just wanted to say superb blog!

  3. I am just extremely impressed together with your writing skills and also together with the layout on the
    weblog. Is this a paid theme or have you customize it yourself?
    In any event keep up to date the nice quality
    writing, it’s rare to see a great blog this way one these
    days.

Leave a Reply

Your email address will not be published. Required fields are marked *