Shadow IT refers to the practice of using software and other systems outside of, and without the knowledge of the IT department. When it comes to small businesses you could replace that without the knowledge of the owner or manager.
As the use of SaaS software grows exponentially, so has Shadow IT. Employees now have the ability to bypass IT with software that’s available for a low monthly fee–or for free– with the click of a button.
The driving force behind Shadow IT differs from organisation to organisation. Sometimes employees believe it improves efficiency. They believe they need these tools to do their jobs.
Other times not involving IT is seen to drive down costs. Sometimes people simply grow impatient waiting on their organisation to make a decision.
Whatever the reason for its existence, Shadow IT brings with it five main risks. We cover each one in detail here.
1 Data Security and/or Loss
With the consumerisation of IT, even a smaller organisation may have hundreds of these applications in use.
The lack of visibility into where organisational data lies represents a security gap. Although some applications are harmless, others include functionality such as file sharing and storage, or collaboration, which can present big risks to an organisation–especially if these applications contain sensitive data.
Many organisations do not know where their data is stored and here are just a few stats to show how quickly this problem is growing:
· 39% of corporate data uploaded to the cloud is through file sharing applications
· The average organisation shares documents with 826 external domains
· Each employee uses on average 4 file sharing applications
If IT is not aware of these applications, then they cannot recover any data lost since no backups are in place. Additionally, IT certainly cannot ensure that these applications have the proper security settings in place to prevent bad actors from gaining access.
2 Compliance
Requirements for IT compliance are becoming increasingly stringent.
No matter the organisation, regulatory compliance is likely critical. There are numerous standards that businesses need to comply with–from GDPR to industry-specific regulations like HIPAA–and the use of shadow IT can potentially lead to fines for violating these compliance requirements.
Due to the inherent lack of control and transparency, unregulated public clouds make it impossible for companies to prove compliance with these regulatory requirements.
3 Finances
In addition to revenue losses, for example, due to data loss or disrupted business processes, severe financial penalties may be imposed on the company or members of management.
There are also other issues such as duplicate apps. There might be different email, file sharing, sales and marketing automation, project collaboration, messaging, and other cloud capabilities in use.
It’s easiest to illustrate the cost of this with an example. Let’s say your organisation has 200 employees with one department of 100 employees who prefer Slack over Rocketchat and another department of 100 employees who choose to use the duplicate Rocketchat app.
Your organisation is paying $12,000 for 100 employees who use Slack and $24,000 per year for those who use Rocketchat. That’s $36,000 per year for 100 people to use their preferred internal communications tool. There may even be a chance to migrate all of these tools to a free solution such as Microsoft Teams if you’re already leveraging the Microsoft 365 suite.
4 Inefficiencies and Productivity Losses
Shadow IT by nature is done without the knowledge of many people. Very quickly you can have many groups within the company with a similar problem who have selected a different tool or the same tool but have setup different accounts.
Since each team is administrating their own software often there are no standards or best practices and employees leveraging that software received very little training. Compare this to companies who standardise on a single solution. There because a centralise admin who you can ask for help and generally most employees can support each other since they are on the same system.
While organisations should aim for clear ownership and company wide best practices you sometimes just need to get the job done. However, we should do it with eyes wide open, meaning there should be a good reason for an employee to be a software administrator and the business should know who owns that software in the case of a billing, support, or something else comes up.
5 Poor Decision Making
Businesses can’t clearly manage what they don’t know or can’t measure.
Shadow IT plays a role in this confusion, especially around compliance. But, this lack of visibility surrounding data and how people make decisions manifests itself in lots of other areas that present a challenge to the business.
Many businesses need to plan budgets or make technology decisions for the months and years to come but without visibility into what you have today it becomes a challenge to plan for tomorrow.
How can you leverage technology smarter?
Managing Shadow IT is all about making intentional business decisions on the technology you use. To do that you will need the facts. The place to start is to gain visibility into what software your organisation is actually using.
Many businesses attempt to do this with spreadsheets and manual tracking however it quickly becomes too much overhead for someone’s job and the sheets get out of date quickly and the organisation keeps moving forward and the lack of visibility continues.
This is where Managed IT comes in. We are here to help you find out what software you are using today and to keep monitoring it tomorrow so you can reduce your risk and make more informed business decisions.
Learn more about how we can help you.