Gartner calls shadow IT “IT activity that occurs outside of IT.” It is a direct consequence of the rise of consumer technology, the cloud, and mobility, and is often driven by a perceived need among end-users for having the best tools without going through the IT department.
Chances are, there’s shadow IT going on in your organization, even if you don’t think it’s happening.
By next year, an estimated 35% of enterprise IT expenditure will be managed outside the IT budget, according to Gartner, and nearly half of IT managers in Europe are concerned that shadow IT poses a big security risk to their organizations.
Beyond the financial risks of non-IT departments buying IT, organizations in which shadow IT is uncontrolled assume a certain amount of risk. Suppose one department circumvents IT and starts using a cloud-hosted CRM solution. If the solution provider experiences a breach, would the organization be exposed to legal risk based on compromised customer data? It’s the kind of thing that might only be revealed when someone files a lawsuit. Yikes!
Top Shadow IT Apps
Here are five of the most-used shadow IT apps, listed alphabetically:
• Apple iCloud – iCloud has been hacked in the past, as Wired reporter Mat Honan can attest. His iPhone, iPad, and MacBook Air were remote-wiped, and Honan believes the breach occurred when the hacker used social engineering with Apple tech support to gain his password.
• DropBox – which is popular for both personal and business document sharing, and which has suffered multiple breachesof usernames and passwords.
• Facebook – which is known to collect information from the user’s device. In fact, class action suits have been filed against several apps, including Facebook, for accessing users’ address books.
• Gmail – which suffered a compromise of nearly half a million email addresses and passwords in July 2012. Many people don’t realize that once they download an app, the app is already past the mobile device’s security and firewall requirements.
• LinkedIn – which also suffered a security breach in 2012, that resulted in a class action lawsuit (that was dismissed), and a major effort by LinkedIn corporate to add better security.
Is Shadow IT the IT Department’s Fault?
The IT department may be at least partly to blame for an increase in shadow IT in some organizations.
So is shadow IT the fault of over-eager end-users, or IT departments that are too mired in sluggish delivery processes? Probably a little from column A, and a little from column B. In some organizations IT probably does act too slowly, and there are plenty of end-users who want to use exciting new tools thinking it will make their jobs easier. But there are also cases of organizational executives pushing the use of new technology to increase productivity and solve customer problems quicker, which can cause shadow IT to proliferate.
When an IT department is alienated from end-users, and end-users think that IT doesn’t listen, they may seek out their own solutions as a reaction against their ideas being repeatedly shot down. This can be very risky, and the only way to keep it under control is for IT to have a healthy relationship with end-users throughout the organization.
Can Your Organization Eliminate Shadow IT?
Stamping out shadow IT can be nearly impossible. But as IT’s role moves beyond maintenance toward making business processes more efficient, they have an opportunity to curb abuses of shadow IT without alienating everyone. The cloud lets IT consolidate and improve security and compliance, while showing it’s aligned with overall business objectives. Controlling shadow IT may require IT to revamp its processes to make them quicker, and develop policies on how cloud providers can be used by end-users without violating corporate security.
Healthy vs. Unhealthy Shadow IT
While requirements naturally vary among industries and providers, the typical organization can differentiate “healthy” shadow IT from “unhealthy” shadow IT. Healthy shadow IT increases end-user productivity, helps them engage customers better, and can provide additional customer insight. Unhealthy shadow IT, by contrast, incorporates technologies that should be integrated into central IT systems for security or other reasons, technologies that require excessive support, and technologies that could be obtained more cost-effectively through enterprise contracts rather than by a single department acting on its own.
Handling shadow IT however your organization chooses to depends on your IT team having the tools it needs to take care of IT service desk needs and IT asset management. Samanage offers a true cloud solution to IT service desk and IT asset management that can even let you know when a new device connects to your network. With the many flexible, powerful tools Samanage offers, your IT team will be empowered to detect and react appropriately to shadow IT.