Do you know about a potential threat that could be exposing your organization to risks and even drag vital business functions down without you even knowing it? Shadow IT are information technology systems used within organizations without explicit organizational approval or oversight from the company’s corporate IT function. This can mean a variety of unauthorized systems that are being deployed by individuals and departments other than your IT department. A study showed a whopping 71% of employees are using apps not sanctioned by IT.
What are common Shadow IT practices?
•Unauthorized applications used by users within the organization
•Enterprise data being uploaded to unauthorized or unsecure portals
•Installation of unauthorized apps and web-based services
•Access to unsecure apps
•Programs downloaded from unauthorized or unsecure portals
Examples:
•Productivity apps (Trello, Slack, Asana )
•Messaging apps on corporate-owned devices (Snapchat, WhatsApp)
•Physical devices (flash drives, external drives)
•Cloud storage (Dropbox, Google Drive)
•Communication apps (Zoom, Skype, GoToMeeting)
Technology now comprises 29% of marketing budgets. Shadow IT is so easy to commit that anyone with a business credit card can line up a cloud-based solution designed specifically for their team or their line of business. Many are doing so with no regard for their IT team, procedures, and overall security. Based on a report from Cisco Cloud Consumption engagements, on average, large enterprises use over 1,200 cloud services, with over 98% being Shadow IT. Because you can’t protect what you can’t see, businesses are having a hard time keeping up with the explosion of unsanctioned devices, applications, and software. Most organizations run well over 100 different applications, some as many as 1,000. When IT professionals are kept in the dark on all the technology applications being used in their organization, it can become extremely challenging to protect an organization’s data and systems, leaving IT flying blind.
What Is the Cost of Shadow IT?
No matter the size of the organization, Shadow IT has a profound impact. A recent study from a leading storage vendor suggests that data loss and downtime cost a total of $1.7 trillion each year. In 2003, the average U.S. company spent around 3.7% of revenue on IT or an average of $10,000 per employee. With Shadow IT, communication becomes an even bigger problem. Different departments within the organizational chain won’t tell others about the third party solution they’re using. This can cause multiple departments to be licensing the same solution without anyone knowing. Thus, the company is unknowingly stuck with paying duplicate fees.
The largest potential hidden cost of Shadow IT? Security. IT departments cannot secure data or software if they don’t know it exists. This makes screening new software for security risks or enforcing proper security procedures nearly impossible. So, how much does a security breach cost? It varies, but according to one recent survey, the average total cost of a security breach can cost over $4 million! The repercussions are businesses being forced to shut down or having to reduce their operations in case their sensitive data is leaked. Aside from monetary losses, Shadow IT can also affect the goodwill or reputation of an organization.
How to Overcome Shadow IT?
So, how can you manage the use of unauthorized technology and eliminate Shadow IT in the workplace? For one, creating direct roles and assigning leadership positions can help you regain control (it’s important to understand that IT is a part of a larger team that needs to make technology decisions). Having an effective representation from IT, business unit leadership, and organizational leadership is a valuable team model that can cohesively make and manage technology decisions. Understanding the goals of every department is crucial when prioritizing technological needs. If all departments aren’t considered during the scoping process, you may find yourself backtracking, later on, to solve for specific department issues that were not considered early on. This is how Shadow IT can easily slip through the cracks when needs aren’t being addressed.
Who should be responsible for shadow IT: the individual, the IT department, or the vendors and developers of each application? Ultimately, the only way to improve security for Shadow IT and decrease its activity is by teaching users to become more aware of the potential risks of all technology.
To work together successfully as an organization, it’s more important now than ever, to have technology conversations that happen with representation from all parties. Open lines of communication throughout the technology decision-making and deployment process are imperative. That’s why conferencing solutions like Syntela are built to work with your IT department, and never behind their backs, so all departments are communicating effectively. Syntela’s platforms easily integrate with existing workflows and tools to suit your organization.
Contact the experts at Syntela Conferencing today so that your business gets the solutions they want and your IT department gets the peace of mind it needs.