What is Shadow IT - and can you utilise it?
By John Gillon, Senior Business Solutions Manager at SAS
Shadow IT: Does it represent a threat or an opportunity for organisations?
The debate around the risks and/or benefits of Shadow IT is still ongoing with no real immediate resolution available. Shadow IT solutions, while outside an organisation's approved IT infrastructure, can help to improve productivity and drive innovation, but at the same time, the security risk presented by these unpoliced third party solutions cannot be overlooked.
And, with Gartner’s report on the top 10 security predictions for 2016 highlighting that Shadow IT would account for a third of the cyber-attacks experienced by enterprises by the time we reach 2020, we ask the question: is the use of Shadow IT a threat or opportunity?
For many organisations, despite being a neutral term, Shadow IT is regarded as a serious threat and something over which IT teams need to exercise stringent control. However, there is an argument to be had in favour of the innovation and rate of change it can bring.
In this insight article, we will discuss Shadow IT, its associated risks, how it can drive innovation and competitiveness, and why employees are turning to Shadow IT solutions in the first place.
“We recognise that if we tried to stop it, we would fail. And – also – we don’t want to stop it, because we know that great insights have resulted from some of these Shadow IT tools.”
First and foremost, what is Shadow IT?
Shadow IT refers to hardware or software built or deployed within an enterprise without the approval of the organisation's IT department. For many organisations, Shadow IT was born out of necessity and a desire to rectify critical problems quickly. Employees would grow frustrated with in-house software and hardware, as well as IT departments’ lack of technical expertise.
Consequently, organisation's most tech-savvy and forward-thinking employees would then go off to find or build their own solutions to fill the gaps within the current IT infrastructure. Cloud-based solutions and BYOD (Bring Your Own Device) initiatives provided them with the means to deploy external solutions as and when necessary.
However, while Shadow IT offers a solution to poor in-house IT infrastructure, it is also an organisation's biggest security risk. While these external solutions can drive productivity and efficiency, they are also susceptible to attacks because they operate outside the safeguard of corporate security systems and policies. In addition to the risk associated with the constantly expanding threat landscape, with the General Data Protection Regulation (GDPR) regulation coming into effect in May 2018, ensuring complete data security is paramount.
Therefore, the main challenge for IT departments is a matter of identifying, controlling and securing Shadow IT solutions.
How can organisations manage and utilise Shadow IT?
While the risks of Shadow IT are ever present, the incorporation of third-party solutions has resulted in organisations being able to obtain better insights, foster innovation, accelerate processes and be more competitive. Through Shadow IT employees can use open source programs to create their own solutions, aligned with the organisation’s processes and needs, eliminating delays and maximising productivity.
If organisations want to minimise the risks associated with Shadow IT solutions, then they need to regularly inspect their in-house IT infrastructure and identify any possible security breaches beforehand. Rather than discard Shadow IT, organisations should look to incorporate it into their operations securely, work with it, analyse it, measure it and enhance it. And, in doing so, they can then tap into the advantages these open source and/or cloud-based solutions provide.
So, is Shadow IT a threat - or an opportunity?
In many ways, while Shadow IT may be perceived as a threat to organisations, it also offers a great opportunity to identify areas for improvement within their own IT infrastructure. If employees are frustrated with the in-house tools they currently have and opt for external solutions, it is a clear signal that those organisations need to address and improve their existing IT infrastructure. If compliance issues can be addressed and a water-tight infrastructure ensured, Shadow IT can truly drive innovation and productivity.
To learn more about Shadow IT solutions, their risks and how organisations can utilise them to drive innovation and productivity, download our Shadow IT report below.