Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Is Shadow IT Really the Perilous Threat It's Made Out to Be?

While most managers likely believe that their adoption of cloud and SaaS tools are instrumental to their success, IT heads seem to want to rein in that enthusiasm. Many are now alarmed by the pervasiveness of unsanctioned adoption of devices and software applications in organizations. This phenomenon, commonly referred to as “shadow IT,” has become the bane of many CIOs and IT administrators. After all, it's difficult for administrators to secure what they don't know exists.

Could it be that this sentiment is just overblown fear, grounded in resistance to change? Are IT managers feeling disproportionately threatened by self-service SaaS adoption, simply because they’re no longer effective as gatekeepers? Let’s take a look at the issue from a few different angles.

The Dangers Are Real
Not all cloud apps are built and maintained with the same level of security. Those that have weak security mechanisms or are hosted on vulnerable systems are susceptible to data breaches. If a company uses such services to store sensitive information like customers’ personal and financial data, it’s only a matter of time before they too become victims of a data breach. Attackers are now actively targeting poorly-secured cloud infrastructures.

Misuse or mismanagement by employees themselves can also contribute to these risks. Inadvertent deletion of data, loss of login credentials, zombie accounts set up by former team members, and blindly opting in to terms of use without vetting them can all heighten your data exposure dangers. It's also likely that a number of these applications overlap in functionalities, and redundant tools only contribute to IT management overwhelm and unnecessary spending.

A Tech-Savvy Workforce
IT leaders’ concerns are definitely well-founded. However, it’s also important to remember what actually compels employees to use tech behind the IT department's back. They must try and better understand the environment in which companies find themselves today. 

Digital adoption is thriving within organizations, largely on the heels of changes in the workforce makeup. Millennials now account for the majority of professionals. As digital natives, they’re more than comfortable with sourcing and adopting their own digital tools.

Unlike their older counterparts, most are able to figure out how to use these solutions without guidance from IT. Most won't even mind using their own devices or subscriptions for work-related tasks. 

Unfortunately for IT administrators, this independent streak among their employees also means that their staff today is likely to circumvent or skirt around restrictions concerning IT use. Given this reality, perhaps it’s unfair to put the entire blame on employees.

A Reasonable Compromise
These things considered, the big question still is if the prevailing sentiment concerning shadow IT is overblown. It is possible that some IT leaders feel displaced by the changes in IT decision making. Cloud-based services and SaaS have effectively decentralized IT decisions, empowering function teams to readily choose and acquire the tools that they want. 

IT leaders must come to terms with this shift and focus on collaborating with other departments rather than try to seize back full control over decision making. It's possible that IT leaders would be better off reacting differently to the big shifts already taking place in today's landscape. 

Besides, IT teams still have a large role to play in the management and security of their infrastructures. However, they must also still be given some authority over the choice of these digital solutions since they have the responsibility to integrate them into workflows and ensure their security.

To ensure that synergy across digital tools is achieved, companies must have clearly defined IT policies. These guidelines should steer end users towards making the right choices of tools. 

Users must also be trained to follow the best and most secure practices. IT teams can use management solutions that provide them with visibility. SaaS management platforms now have the ability to automatically detect all instances of SaaS use and allow administrators to quickly delegate and sanction access to these subscriptions.

Sure, shadow IT definitely represents the potential for major danger, but with the right perspective and the right strategies in place, it's possible to minimize risk without holding business back.

What’s Hot on Infosecurity Magazine?