Shadow IT, also called Rogue IT, refers to any IT system installed onto another IT system without the approval for the IT systems manager. If you are part an IT team, you should know what I’m talking about: a project management SaaS software, non-validated spreadsheets, collaborative tools, online storage, or even hardware. Anyway, although in principle, Shadow IT can be a vector for innovation, it also incurs many risks for the company. Let’s take a look at this in detail: here’s a spotlight on Shadow IT!
Definition of Shadow IT
Shadow IT refers to the phenomenon where within an organization, a significant portion of computer usage can be done outside the control of the IT department.
For example, Shadow IT may involve:
- IT purchases made independently from the IT department
- Application usages that are made beyond its control (SaaS, for example)
- Shadow IT is even more extensive now with BYOD practices (Bring Your Own Device).
In 2012, a survey was carried out with 129 IT system managers and helped to create a list of the most frequently observed examples of Shadow IT:
- Excel spreadsheets that include macros
- Off-catalog software
- Cloud solutions
- Off-catalog ERP
- Decision-making systems
- IT hardware
- VoIP solutions
- Off-IT department technicians
- Projects kept away (or “in the shadows”) from the IT department
Now it’s 2017, and Cloud software (Software as a Service) and BYOD practices are taking more and more place in the computing revolution in companies. If you are an IT manager, you should find in this list several issues you may have had to deal with.
The risks of Shadow IT
Even if its name may seem a little frightening, Shadow IT is sometimes a vector for innovation! Users might try out a tool on their own in their own little corner, without going through approval by the IT department, and sometimes, a nice tool is discovered that can help the company to innovate. In a perfect world, our article could end here.
However, Shadow IT also significantly increases the risk of computer security. A computing tool set up without the IT department validating it could become a real security breach, creating an open door, which may result in theft or corruption of data.
Or even worse, the tools and applications used in the shadow of the IT department’s control may not include data backup procedures, which of course, would have been the case if the IT department had validated it beforehand.
Furthermore, Shadow IT can generate hidden costs. Indeed, if the IT department isn’t the one configuring and testing the tool, the user will have to do it: the departments of marketing, finance, HR, etc. which means they’re spending their working hours on this instead of on tasks they’re being paid for.
Finally, tools and applications that are executed in IT systems without the knowledge of the IT department may disrupt the user experience of other employees, for example, by taking up bandwidth and creating conflicts between applications.
Shadow IT in numbers
Despite the risks relating to data, security and the availability of information within the IT system we saw above, Shadow IT is making headway in organizations.
To better understand the issue, let me show you a few key figures about Shadow IT that will speak volumes more than any length of paragraphs:
- The most alarming number (and if you haven’t already seen this, dear IT manager, hold on tight!), according to a recent study by Frost & Sullivan, more than 80% of employees admit that they use IT solutions without approval from their IT departments.
- Out of the twenty-odd SaaS applications used by a company on average, 7 of them were never approved by IT.
Catch your breath! Most of these applications are available easily from any device: PC, smartphone or tablet. They are often free in their basic or trial version, and your users often use them every day. These include, for example, Trello, Dropbox, etc.
Don’t think that your users are naive:
- 42% of users acknowledge taking a risk of theft or loss of sensitive data
- 41% know that this data may be exposed to non-authorized persons
We now know that Shadow IT poses a risk for organizations, and that users are aware of these risks. This means that from a point of view of the users, the IT department doesn’t sufficiently meet their business needs and they have no other choice.
It’s the IT department’s job to find a solution to Shadow IT!
Punishment isn’t (necessarily) the best solution, so IT departments need to find ways to satisfy its users’ needs in terms of business applications. Validation procedures are long, deploying of applications is as well, not to mention managing updates. With a stock of 50 terminals, this might be tolerable, but what should you do if you’re managing hundreds or even thousands of terminals over several remote sites? This might be an extreme case, but it’s till something faced every day by many IT departments.
Luckily, our ceBox® solution meets these issues of Shadow IT by centralizing the management of terminals. That way, it’s possible for the IT department to quickly validate an application, deploy it and update it with only one click (fine, this might be an exaggeration; let’s say two click), even over all remote sites, sitting calmly at your desk.
Ask for a free customized demonstration right away by clicking here.