WHAT IS SHADOW IT? The term ‘shadow IT’ (also known as ‘grey IT’) refers to the unknown assets that are used within an organisation for business purposes. Since these are not managed by IT or accounted for by asset management, nor aligned with corporate IT processes or policy, they’re a risk to your organisation. This […]

WHAT IS SHADOW IT?

The term ‘shadow IT’ (also known as ‘grey IT’) refers to the unknown assets that are used within an organisation for business purposes. Since these are not managed by IT or accounted for by asset management, nor aligned with corporate IT processes or policy, they’re a risk to your organisation. This could result in the exfiltration of sensitive data, or spread malware throughout the organisation.

Whilst often thought of in terms of devices, shadow IT also applies to cloud technologies. For example, if users are storing sensitive, enterprise data in their personal cloud accounts (in order to access it from another location or device), this is also shadow IT because the personal cloud storage probably isn’t covered by your organisation’s risk management process. Most organisations will have some level of shadow IT, but if shadow IT is prevalent, risk management becomes more difficult because you won’t have a full understanding of what you need to protect, and what you value most.

It’s important to acknowledge that shadow IT is rarely the result of malicious intent. It’s normally due to employees struggling to use sanctioned tools or processes to complete a specific task, so they’ll adopt unofficial measures to help them complete their work.

Some common reasons that lead to shadow IT include:

not having enough storage space

not being able to share data with a third party

not having access to necessary services (for example development tools)

not having a sanctioned video conferencing (or instant messaging) tool

not being able to request assets or services through a corporate system (or the process for doing this being ineffective/slow)

approved tools or SaaS services not providing the required functionality

not realising that use of devices or personally managed SaaS tools might introduce risk

Most importantly, you should always take a positive and no-blame approach to people who have been forced into adopting shadow IT. If you blame or punish staff, their peers will be reluctant to tell you about their own unsanctioned practices, and you’ll have even less visibility of the potential risks.

Organisations benefit from working with Business Technology Leaders across the United Kingdom as we work flexibly to drive your innovation with our deep understanding of technology and learnings across industries. Expert support helps businesses to change nimbly with speed and confidence while pulling away from competitors. If you want to know more visit https://businesstechnologyleaders.com/soln/strategy/ or contact me ([email protected]) today for a confidential and impartial discussion on how we can add value to your business.