Shadow IT: Should businesses be running scared?

The lines between real-time operational requirements and long-term strategic business goals have never been more blurred than they are today. As one influences the other, and vice versa, there is one aspect that is intrinsically linked to both however – IT.

The last decade has propelled the role of IT into hither uncharted waters, largely thanks to the consumerisation of enterprise IT (BYOD and the use of off-the-books, third-party apps), and cultural shifts towards more flexible working paradigms. For example, it’s now entirely accepted and absolutely common practice to use your own personal devices, work via a VPN, and use the likes of Google Docs, Box or WeTransfer in our professional lives. 

Thanks to consumerisation, employees now have a greater degree of freedom and flexibility, often finding ways to solve business questions with answers that don’t always sit within the traditional frameworks of corporate IT. 

When you’re tasked with sharing documents with multiple colleagues, as often as not you are now likely to upload these materials to your favourite sharing tool and easily share the link so everyone can input their own edits. You can track all the edits your team makes in real time and wrap up the final materials, then quickly move on to the next task. It’s productive, painless and easy-to-use. 

Security protection

Additionally home and mobile workers don’t have the same security protection as they do within the corporate office so the use of easy, quick access to a variety of web based software on demand applications, as well as easy to assess web platforms, while seemingly attractive, may actually harbour challenges regarding confidentiality of corporate data.

However, for all the efficiency and usability, it can also threaten a business by exposing corporate data to risk, as employees regularly save and share company data to external cloud-based platforms; platforms their companies simply cannot track on monitor.

As the demographics (over half the worldwide workforce will be millennials by 2020), of our global workforces continue to shift, we can only expect this problem to increase, and it raises certain questions around the use of ‘Shadow IT’ for businesses big and small. 

Employees will continue to use their own tools

The fact of the matter is: whether it’s allowed by employers or not, employees (especially millennials), are still going to continue to use outside tools and upload company data to them – it’s simply the way people now want to work in 2015. 

Instead of fighting this activity, businesses would be wise to look for ways to give their employees secure access to an approved variety of cloud apps that enable new levels of productivity and collaboration for their employees.

Is "shadow IT" actually a bad thing?

We have reached a situation with IT departments where with easy and cheap access to applications has led to the horse well and truly bolted and getting it back into the paddock is going to prove nye on impossible. 

Embrace the change

With this in mind, businesses of all shapes and sizes would do well to embrace the cultural and IT shifts in their workforces regarding Shadow IT, rather than trying to hold back the inevitable tides of change. 

Acknowledgement should not be confused with complicity however, and there are tools available that can now provide new levels of access control with visibility and protection over what corporate data can and cannot be shared with third-party cloud apps.  

By using these transparent tools businesses will be able to afford employees the benefits of using approved tools, thus promoting increased convenience, while at the same time minimising corporate risk. They may well even find themselves with happier, more productive workers as well!

Peter Jopling is executive advisor and deputy global leader for the IBM Security Tiger Team.

Share this story

Close
Menu
Send this to a friend