Shadow IT is often defined as internal projects such as cloud solutions that people manage and utilize without the knowledge of the IT department, according to McAfee. It also refers to simply any unauthorized uses of technology. The trend began with items such as unauthorized Excel macros and has taken off along with the proliferation of software and services delivered via the cloud.
In the past, shadow IT was often caused by an impatient employee’s wishes for immediate access to software, hardware or a web service without going through the company’s required process. However, today, the meaning has expanded to include personal devices that the employee might use at work, or a program or cloud service that the IT department is not aware of.
While Software as a Service (SaaS) solutions have become the most common type of shadow IT, it can also include the following, according to Cisco.
- Boxed software sold in stores
- Hardware such as laptops, smartphones and PCs
- Other cloud products such as Platform as a Service (PaaS)
This phenomenon is far from uncommon: Even among IT department employees themselves, 40 percent report utilizing an unapproved application, device or other form of technology, a survey of 1,000 U.S. IT professionals conducted by Entrust Datacard found, according to the press release “IT Pros Believe Shadow IT Could Become a Competitive Advantage, Study Shows.”
As that headline suggests, the survey also found that respondents felt the trend of shadow IT shows that employees prefer a different way of working, and 77 percent thought their companies could outperform the competition and boost productivity if leaders collaborated more with staff members to better meet their tech needs.
However, particularly as the onslaught of cyberattacks continues, shadow IT presents considerable risks to businesses in terms of cybersecurity and compliance, as these tech tools aren’t included in companies’ security strategies and auditing processes. Shadow IT can easily put your network at risk and lead to data breaches, according to Masergy.
Ultimately, IT departments must deploy risk mitigation strategies including comprehensive network visibility and examination of usage statistics, Masergy states. Our team of security analysts can assist you with network management and the discovery of unauthorized applications and devices. Give us a call at 877-599-3999 or email firstname.lastname@example.org for details.
Editor’s note: This blog entry was updated on June 3, 2021, with accurate and current information.