{"id":10189,"date":"2016-05-10T11:00:24","date_gmt":"2016-05-10T16:00:24","guid":{"rendered":"http:\/\/www.mrc-productivity.com\/blog\/?p=10189"},"modified":"2023-03-13T16:16:49","modified_gmt":"2023-03-13T21:16:49","slug":"6-facts-you-must-understand-about-shadow-it","status":"publish","type":"post","link":"https:\/\/www.mrc-productivity.com\/blog\/2016\/05\/6-facts-you-must-understand-about-shadow-it\/","title":{"rendered":"6 facts you must understand about Shadow IT"},"content":{"rendered":"

\"Education\"Summary: A growing trend, “Shadow IT” is a term used to describe IT solutions and systems created and applied inside companies without their authorization. But, while it impacts nearly every organization, not every business leader fully understands the topic. In this article, we uncover the important facts that every business leader should understand about Shadow IT. <\/em><\/span>
\n<\/a>
\nWhether you know it or not, Shadow IT is alive and well in your business. Even if it\u2019s only practiced by a few employees, or even if it\u2019s only a few unauthorized apps, Shadow IT is a problem facing every business.<\/p>\n

What is Shadow IT? It\u2019s a term used to describe IT systems and IT solutions built and\/or used inside organizations without approval by (or knowledge of) the IT department.<\/p>\n

For example, when an employee stores work documents in dropbox or on a personal USB drive, that\u2019s Shadow IT. When employees use a cloud-based CRM solution (without IT\u2019s knowledge), that\u2019s Shadow IT. Or, when employees purchase and use self-service BI tools without going through IT, that\u2019s Shadow IT.<\/p>\n

I could go on, but the point is this: Shadow IT comes in many shapes and sizes, and impacts most every business.<\/p>\n

The problem is, many business leaders don\u2019t fully understand the topic, or don\u2019t believe it applies to them. They don\u2019t understand the risks (and benefits). They don\u2019t understand just how prevalent it has become.<\/p>\n

Today, let\u2019s shine some light on the topic and explore a few important realities about Shadow IT. Here are 6 facts that every business leader must understand:<\/p>\n

1. Shadow IT is not new (and isn\u2019t going away)<\/h3>\n

The \u201cShadow IT\u201d buzzword has exploded over the last few years. In the IT world, everyone\u2019s talking about it.<\/p>\n

But, is Shadow IT new? Not at all. Business users have bypassed IT departments for ages. They\u2019ve adopted unauthorized tools, and used personal devices in the workplace for years.<\/p>\n

The problem is, it\u2019s far easier now than it ever was in the past. Users can search the web, find a new solution to the problem, and get up and running in minutes. When the alternative is placing a request to the IT department, and then waiting around…what do you think they\u2019ll choose?<\/p>\n

The fact is, Shadow IT isn\u2019t going anywhere (and it\u2019s only growing). Once you understand this fact, it changes your approach. Rather than fight a losing battle, you must search for ways to harness Shadow IT.<\/p>\n

“Shadow IT has always existed and will continue to exist forever,\u201d explains Andrew Storms, VP of Security Services for New Context<\/span><\/a>. \u201cIn this arena, the best advice is if you can’t beat them, then join them. Companies need to accept the fact that Shadow IT will continue to happen and learn to work with it and not against it. It is critical to ask why Shadow IT exists in your organization in the first place. What service is your corporate IT not providing? Why do people feel the need to go around IT? Is your IT department creating too many speed bumps or hindering company creativity? These questions will help uncover ways to appropriately address the issue.”<\/p>\n

“One of the best things IT can do is to communicate. Get out of the cubes and go and speak with your users. Creating and fostering that human bond goes a long way to understanding your users\u2019 needs and challenges. Then together, as partners, IT and Shadow IT can work towards an amicable solution.”<\/p><\/blockquote>\n

2. It\u2019s worse than you think<\/h3>\n
\"photo
photo credit: OpenClipartVectors<\/a> via pixabay<\/a> cc<\/a><\/figcaption><\/figure>\n

Now, I\u2019ve heard from many businesses who don\u2019t think Shadow IT applies to them. Their users aren\u2019t bypassing the IT department, so why worry about it?<\/p>\n

But…can you really know for sure? By its very definition, Shadow IT is practiced on the sneak. Chances are, it\u2019s happening in your business, whether you know it or not.<\/p>\n

In fact, it\u2019s probably much more pervasive than you realize. A recent study<\/span><\/a> revealed that IT leaders vastly underestimate the use of Shadow IT in their organizations. Here\u2019s the crazy part: On average, Shadow IT usage was 15x worse than they estimated!<\/p>\n

The fact is, Shadow IT is like an iceberg. It may seem small above the surface, but it\u2019s far bigger than you realize.<\/p>\n

\u201cIn reality, there are a large number of unauthorized cloud applications in use at many organizations,\u201d says Adrienne Johnson, Corporate Communications Manager at CorpInfo<\/span>. \u201cUnless the IT department has tackled this head on, and utilized specialized discovery tools, they likely are not aware of them. This means your organization has no idea what your security posture is, what degree of risk you are exposed to, or where your sensitive data is.\u201d<\/p><\/blockquote>\n

3. It expands your attack surface<\/h3>\n

You know that Shadow IT is here to stay. You know that it\u2019s probably more prevalent in your company than you think.<\/p>\n

The big question: Why should you care? Why should you spend the time and effort in controlling\/harnessing Shadow IT?<\/p>\n

Here\u2019s one big reason: Security. As explained below, every new device or application gives attackers another way into your systems or data.<\/p>\n

“The proliferation of cloud platforms and technologies is expanding the attack surface and opening the network to new types of cyberattacks,\u201d says Ofer Or, VP of Product for Tufin<\/span><\/a>. \u201cMany of these platforms allow application development teams to completely bypass security and network operations and, in turn, introduce ad hoc changes with limited or no security controls. This can result in network security vulnerabilities, violations of company-wide network security policies, and regulatory non-compliance fines.\u201d<\/p><\/blockquote>\n

4. It\u2019s not rebellion<\/h3>\n
\"photo
photo credit: s2dent<\/a> via pixabay<\/a> cc<\/a><\/figcaption><\/figure>\n

The common reaction from IT leaders when they discover Shadow IT: Anger. How can the users go behind our backs like this? This must be stopped!<\/p>\n

I get it. As an IT leader, you spend considerable time and energy managing the organization\u2019s technology. You work to ensure that your users have secure access to the tools they need.<\/p>\n

Then, they go behind your back and create security risks.<\/p>\n

While it seems bad on the outside, you need to understand one important fact about Shadow IT: It\u2019s not a rebellion, and you shouldn\u2019t treat it as such. As explained below, end users are trying to find the most efficient way to work.<\/p>\n

\u201cYour team is doing it out of convenience,\u201d says J. Colin Petersen, President & CEO of J – I.T.Outsource<\/span><\/a>. \u201cThey’re trying to get their job done in the most efficient way possible. Make policies that recognize that need, while keeping your data safe.Documents in the shadow cloud, such as those stored in Dropbox or OneDrive, are probably not getting backed up. Your team probably doesn’t realize this.Your team also doesn’t realize that they might be exposing you to regulatory risk by using the shadow cloud, especially if you’re in medical services or related health care. Financial sector employees are used to the restrictions placed on them, but many medical offices (especially smaller practices) aren’t up-to-date or as diligent about training their employees.\u201d<\/p><\/blockquote>\n

5. Shadow IT isn\u2019t all bad<\/h3>\n

There\u2019s no denying that Shadow IT can create security problems if left unchecked. But, should you view it as a problem that must be stopped? Not at all.<\/p>\n

When harnessed, Shadow IT offers some very real benefits. As mentioned in this article<\/span><\/a>, it improves productivity, delivers solutions closely aligned with business needs, and reduces pressure on the IT department. Who doesn\u2019t want that?<\/p>\n

However, you only see those rewards if you harness Shadow IT. How do you do that? As explained below, it starts with communication with the end users, and treating them as allies–not enemies.<\/p>\n

\u201cAs an IT guy, I have to think about all of those risks,\u201d says John Matthews, CIO of ExtraHop<\/span><\/a>. \u201cBut I also have to think about what’s best for the health of the business from an efficiency and workflow perspective. When it comes to that, my best advice is to treat your rebels as your closest allies. The early adopters of new solutions can help determine what makes the most sense for the business long-term, vetting solutions that might otherwise have gone unnoticed. For both IT and business leaders, identifying these early adopters and bringing them into the IT process can result in better, sustainable technology adoption. If you structure your IT team to work with the rest of the organization, it will produce amazing synergies that help the business move forward.\u201d<\/p><\/blockquote>\n

6. There is no silver bullet (but there are solutions)<\/h3>\n
\"photo
photo credit: TiBine<\/a> via pixabay<\/a> cc<\/a><\/figcaption><\/figure>\n

Now, when some businesses learn about Shadow IT, they search for a solution that will solve the problem once and for all (and they\u2019ll probably find vendors offering one).<\/p>\n

But, here\u2019s the issue: Shadow IT cannot be fully addressed with technology alone. As explained in this article<\/span><\/a>, most of the steps needed to address Shadow IT involve communication, education, and a shift in how your business approaches technology.<\/p>\n

Of course, once you get those things right, there are solutions that will help. Some companies implement controlled, self-service options for their end users. This lets IT control data and user access, and gives users the ability to create solutions they need.<\/p>\n

Others implement Mobile Device Management (MDM) tools to secure and control the user\u2019s devices. In the event of a lost or stolen phone, these tools will help control the damage.<\/p>\n

I could go on, as there are many solutions that can help you address Shadow IT. But, the point is this: Don\u2019t assume you can find a silver bullet. Before you look for solutions, get the communication right. Work with the business users. Understand their needs. Only then can you truly harness Shadow IT.<\/p>\n

Summary<\/h3>\n

These are just 6 facts you must understand about Shadow IT, but the list could certainly be much longer. If you would like to add anything to this list, I\u2019d love to hear it. Feel free to share in the comments.<\/p>\n","protected":false},"excerpt":{"rendered":"

Summary: A growing trend, “Shadow IT” is a term used to describe IT solutions and systems created and applied inside companies without their authorization. But, while it impacts nearly every organization, not every business leader fully understands the topic. In this article, we uncover the important facts that every business leader should understand about Shadow …<\/p>\n

6 facts you must understand about Shadow IT<\/span> Read More »<\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","slim_seo":{"title":"6 facts you must understand about Shadow IT - mrc's Cup of Joe Blog","description":"Summary: A growing trend, \"Shadow IT\" is a term used to describe IT solutions and systems created and applied inside companies without their authorization. But,"},"footnotes":""},"categories":[8],"tags":[77],"class_list":["post-10189","post","type-post","status-publish","format-standard","hentry","category-education","tag-shadow-it"],"_links":{"self":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/10189","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/comments?post=10189"}],"version-history":[{"count":8,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/10189\/revisions"}],"predecessor-version":[{"id":14685,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/10189\/revisions\/14685"}],"wp:attachment":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/media?parent=10189"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/categories?post=10189"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/tags?post=10189"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}