The guilty parties fuelling the rapid proliferation of Shadow IT are less roguish than you might imagine however and include everyone; from C-suite executives at the pinnacle of an organization, to new interns uploading their first notes on Google Drive.
Downloading cloud services has never been easier, plus more devices than ever are being used to house the extensive pick-a-mix of solutions and tools, including smartphones, tablets, and even smartwatches. What’s worrying for company Chief Information Officers is that many of these devices, used for both personal and business use, are connecting to corporate networks. More painful still is the fact it’s the apps that are designed to increase productivity that are especially vulnerable, reports Cisco. Of the 900 organizations the technology conglomerate surveyed, 27% of the apps being used were classified as ‘high risk’.
“Most users don’t realise or expect professional tools to be a target for cyber-criminals, however these apps often demand quite a lot of information and frequently require email accounts to work. This makes them the perfect vector for security breaches,” explains Mark Adams, Chief Customer Officer at cloud enterprise software company, Cloudmore.
Research group Gartner estimates that by next year (2020), one third of successful attacks experienced by enterprises will be on their shadow IT resources.
Shadow IT can be very costly, not only because of the increased security risk that it represents, but even in terms of a business’s day-to-day running costs.
According to a 2018 report by Symantec, the average enterprise uses 1,516 cloud apps, which is a staggering 40 times higher than they typically think.
These unapproved applications can gain access to sensitive data, and, in addition to that time-bomb, they are also, often, regularly collecting fees agreed upon by the user.
This creates two serious problems. First, the fees can roll on, even after the employee has left the company, and second, employees aren’t necessarily considering their organization’s long-term IT strategy. Frequently, the solutions they choose are incompatible with each-other, or the many apps being downloaded solve the exact same problem. This creates data silos, which is vastly inefficient.
As many as 71% of employees across organisations are using unsanctioned apps on devices of every shape and size, making it very difficult for IT departments to keep track of. These employees may understand what company data and private information is sensitive, but they may not know which cloud applications can track, store and share this data, or what ends up going into the public view.
The large majority of employees are downloading productivity apps because they want to streamline their tasks and deliver better results.
“Companies should create processes that allows employees to suggest new tools to the IT Department to be assessed for sustainability as a company-supported tool,” says Adams. This keeps employees empowered, the company safe and limits the number of redundant apps being used.
Another developing phenomenon that is helping IT departments tackle the security threat are ‘Bring Your Own Device’ (BYOD) policies for staff. Work culture has transformed over the last decade and employees no longer want to be confined to their office desks to get tasks done. According to Samsung, 78% of employees agreed that BYOD helps them to achieve a better balance between their professional and personal lives. More employers recognise the value of giving employees this freedom and are therefore devising strategies to accommodate the change.
See here for an example of a BYOD policy drawn up by the UK National Health Service, where data security is especially critical. Or, download the Cloudmore BYOD template to devise your own.
Organizations need to pay more attention to what software and apps their employees are using. Below is a list of questions that will help your IT department to determine which services to eliminate and which resources to secure and enable.
If you want a simplified way to manage your Shadow IT, Cloudmore can help. We’ve got the tools you need to see what your employees are doing in the cloud, and we can turn most of these applications into one easy-to-manage solution. Why not reach out to us directly to find out more?