Hiding in the shadows – What is Shadow IT?
When you hear the term ‘Shadow IT’, you might think of a hacker in a dark room with some eerie music in the background. The truth is much less sinister. It refers to the use of hardware and software that hasn’t officially been approved or managed by an IT department in an organisation. The reasons for this could be completely innocent, for example an employee has found a software that means they can be more productive at work. If the IT department doesn't know about it though, it becomes a security concern.
Where does it come from?
Anyone with a smartphone or personal laptop/tablet, which is virtually everyone in some capacity, has access to a massive range of apps and cloud services. These are usually quicker, simpler and more accessible than the average corporate IT portfolio. So it’s not surprising that lots of employees decide to go ‘off menu’ and find their own ways to increase productivity.
Shadow IT can come in many forms, both digital and physical. For example:
- Gmail
- Apple AirDrop
- Personal laptops
- Tablets
- Smart phones
You may not even realise you’re putting your business at risk by using Apple AirDrop to send work-related screenshots to a colleague. But, if your company hasn’t approved a particular app, tool or device, you could be exposing yourself and your colleagues to a data breach.
The dark side
When it comes to Shadow IT, security is the concern. You can’t protect what you don’t know about. Say your house is built with two doors. You alarm both doors in case of intruders. Someone comes along and adds two more doors without you knowing. You can’t alarm them, as you don’t know they’re there. Intruders can sneak in from either angle and you’ll be none the wiser.
With Shadow IT, your IT department has tested the apps that your company has approved, so they’re secure. They haven’t tested the ones you’ve installed, so who knows how safe they are?
Your IT department is aware of the software and applications that the company has asked them to install. They’ve run tests, carried out the right updates and know what to do if something goes wrong. What they don’t know is whether your personal laptop has the correct security to prevent data breaches. Or whether your WhatsApp messages are being seen by people they shouldn’t. They could have some knowledge of the type of apps you use, but without proper checks, a vulnerability could open your data up to criminals.
Not only is security an issue when it comes to Shadow IT, but you as an employee can cause what’s known as an ‘app sprawl’. We promise, it’s not as creepy as it sounds! This basically means that you’ve downloaded or purchased apps or solutions that are the same as/similar to the ones that your company already has.
By doing this, you’re wasting company time and money. Why? Well, the IT department needs to check these apps, which will take time. Plus, if you’ve already been taught how to use the company approved apps and are now teaching yourself how to use different ones, you’ve wasted the time that it took to train you.
Zero to hero
It’s not all doom and gloom though, as much as it might sound like it. Shadow IT has a good side. For example, maybe you’ve found an app that works better than the one your company currently recommends, meaning you and your colleagues are more productive. You’re saving money and time for the business instead of wasting it. But you need to run anything by the IT department and relevant colleagues first. Otherwise you walk the thin line between losing time and gaining it. The IT department can check to make sure everything is safe and, if it works in a positive way, make whatever it is usable company-wide.
Communication is key
Good news! Shadow IT isn’t an unstoppable force and there are ways you can help prevent data breaches in your company.
Communication is key. Without it, you, the IT department and other employees will be disconnected. 53% of CIOs and IT directors can’t say exactly how many applications are running within their company. That means that all of those companies can’t guarantee the safety of their data. Have open conversations with employees so that they understand the dangers and risks. Shadow IT isn’t a common household name. Maybe they haven’t heard of it or maybe they very innocently downloaded something that helped them work better without knowing what that could cause.
By having conversations with employees, you’re also opening up the opportunity for them to say what is or isn’t working about the IT that’s being used. It’s a way for you as a company to improve. Look at how employees work and find solutions that fit their needs. It’s always a good idea to track the suitability of tech regularly. You don’t want to be left in the stone age with software that your employees hate!
Get protected
Keeping your data safe and making sure your IT is up to scratch is so important when running a business. It not only affects you as a business owner, but your employees and colleagues too. So what happens if your data gets wiped by an app that your IT department didn’t test? Data loss could set you back months in terms of workload.
Acronis Cyber Protect is a secure backup solution which keeps everything in one place. You can schedule automatic backups as often or as little as you need, so you never have to worry about losing data. Plus, keep a copy of your data off-site, so if disaster strikes your backup is always safe with us. And with amazing features, like antimalware, antivirus, Acronis Console and CyberFit score, you’ll be at the top of the game when it comes to security.
Choose from one of our packages and get protected!