Shadow IT: everyone’s at it, including IT

Shadow IT is by no means a recent development; enterprise IT departments have known about it and battled it for a while now. The biggest change is that it’s no longer really in the shadows. It’s very much out in the open, with users often brazen in their use of unauthorised applications.

A recent report on ‘the hidden truth behind shadow IT’ stated “within IT circles, the discussion quickly turned from ‘how do you stop it?’ (you can’t) to ‘how to protect your business while giving employees the freedom to make choices’. Today many companies report greater productivity and higher employee satisfaction from their Bring Your Own Device (BYOD) policies.”

The rise of multiple device owners spurred a growth in shadow IT a few years ago and now the growing popularity of cloud computing and software as a service (SaaS) is doing the same. But how big is the problem?
Stratecast conducted a survey among IT employees and line of business employees who were described as decision makers or influencers of software purchases. The survey found that “more than 80% admitted to using non-approved SaaS applications in their jobs.”

Possibly the most surprising finding was that IT employees use a higher number of unauthorised applications. The same people telling you how using such services leaves the company hugely vulnerable to attack are creating easy routes to critical systems themselves!

Worryingly, IT employees marked more of the security, access or liability risk statements (such as corporate devices or networks being infected by malware) as a high concern than line of business employees did. The report found that 15% of all employees had experienced at least one of the incidents described in the risk statements, showing that perceptions were backed up by experience.

So if those involved in shadow IT are aware of the risks, why do they still put themselves and their company in a vulnerable position? Quite simply because it gets the job done.

Participants in the Stratecast survey cited familiarity as the main reason they use non-approved applications, quickly followed by complaints of IT approval processes being too slow and cumbersome.

The fact that the majority of employees are taking part in shadow IT means that it can’t simply be ignored anymore. Organisations need to have a clear SaaS policy that gives employees some control over how they manage their workload without compromising company security.

Further reading:

Enterprise Security in the Cloud