Shadow IT is real. That’s especially true in 2020 now that IT teams seem so far away and less accessible. Although most of us were given the devices, tools and applications we need for our jobs, it was probably with an office environment in mind. With so many of us now working in less-than-ideal conditions from home, we may be tempted to cut corners.
Most cases of Shadow IT creep in when employees are frustrated by something. Whatever that something is, it’s an obstacle that we think we can fix ourselves. Maybe we don’t have the right email, or we prefer a different collaboration tool that a vendor or teammate is using. Perhaps we just need to edit a one-off image but don’t have a simple way of doing it. Maybe we need to scan a signed document, but don’t have a scanner. Whatever the situation may be, when help from IT isn’t close at hand, many of us want efficient shortcuts to solve the problem.
I am the first to admit that I’m absolutely guilty of this approach. And I’m not alone. A recent survey conducted by NetMotion found that a whopping 62% of remote workers admitted installing rogue applications onto their corporate-issued devices without the permission or knowledge of their IT department.
The IT perspective
Let’s look at this from the IT point of view. IT teams like simplicity. They want their network to be buttoned up, visible and secure. The most effective way to achieve this is to limit the number of accepted applications deployed on a device and keep a tight rein on application creep.
In the case of larger organizations, the process of selecting apps and services may be quite rigorous, testing functionality and compatibility with an entire ecosystem of other applications before allowing widespread adoption.
From a stability and security perspective, this approach makes a lot of sense. Provisioning everyone’s device with a limited set of robust, trusted and manageable applications makes IT’s job far easier.
2020 had different plans
But think about the enormous disruptions that 2020 has brought to companies and their employees. Vast numbers of people moved virtually overnight from an office to a work-from-home environment, possibly without fast internet access, and certainly without the physical availability of in-person helpdesk support. Meanwhile, the number of trouble tickets grew but many IT teams were powerless to help without the benefit of edge-to-edge network visibility.
Rather than take the slow, uncertain path of getting approval for a new app, it’s clear that many employees decided to install unsanctioned applications on their work devices with little regard for security. The result has been a hodgepodge of solutions across teams, with many people having multiple apps that do virtually the same thing.
What’s the big deal?
The main problem with shadow IT is obvious – increased security risk. Within a controlled environment, it’s relatively easy for IT and security teams to ensure that every employee device receives regular patches and updates. But a product installed by the employee may have hidden vulnerabilities, may not receive updates and patches, and worse still, may contain malicious code that puts the endpoint (and its data) at heightened risk of being exploited by attackers and cyber-criminals.
Zoom is a good example of this. While at the start of the year most companies officially used Webex or Microsoft Teams for video conferencing, people quickly gravitated to Zoom because of its user-friendly interface. The app’s unexpected popularity brought to light serious and continued security flaws, yet this didn’t seem to deter many users.
Solving shadow IT
Reducing the risk of shadow IT takes a combination of grass-roots education and top-down decisions about how to manage IT support.
First, it’s important to create a company culture in which security awareness is expected. Employees – especially the non-technical ones – need to be educated about what shadow IT is, and all of its associated risks.
Second, it’s IT’s job to make sure that employees are kept safe and productive while working. For employees outside the comfort of the office network environment, IT teams have struggled to gain the visibility into network, application and device performance that gives them the insight they need to find and troubleshoot issues. The best way to do this is through a dedicated employee experience monitoring tool. These tools are quickly gaining traction as a means for IT teams to see all the way to the edge of the network, where the end-users and devices are located.
Keeping end-users happy and productive is an enormous challenge. IT teams need to walk a razor’s edge when it comes to security. Too tight a grip and employee productivity and satisfaction will suffer. Too loose and there is a real risk of creating a wild west that has serious security and compliance ramifications. As with most things in life, having the right tools in place makes that difficult balancing act so much easier.