We know we hype up multi-factor authentication, or MFA, quite a bit on this blog, and for good reason. When implemented correctly, it can be an effective deterrent for many cyberthreats out there. However, as they often do, hackers have found ways around MFA. Let’s take a look at how hackers find ways around MFA protection. Read More
- Published: 24 Jan 2020
Shadow IT is the moniker that people in the technology industry have coined for applications that employees download that aren’t vetted for use on an organization’s networks. For the better part of the past decade, IT administrators have universally demeaned the use of unsanctioned software for use on company networks due to potential vulnerabilities that come with these applications and any phantom costs associated with their use. What may surprise you is that some organizations are rolling back their shadow IT policies. Today, we will take a look at both ends of this issue.
Shadow IT is Bad
Let’s face it, most people working today have been using technology for over 20 years. They may not be IT experts (they aren’t), but they aren’t novice users either. They can spot a tool when they see one. For the end-user, finding solutions to their problems in the form of a simple-to-download application, is a no brainer, especially if the person is proficient with the unauthorized software. They won’t think twice before downloading the title.
The problem, quite obviously, is that the software being downloaded may have vulnerabilities upon download; and, if it’s allowed to fester without updates on a workstation for some time, will likely have some. Unfortunately, vulnerable software on a network endpoint is a hole in the network itself. We spend a lot of time on this blog talking about cybersecurity, and one of the big no-nos is leaving unpatched holes in your network by not frequently patching and updating software. Since the IT department or managed IT provider handles this process, if they don’t look for a software to update (because they often don’t know it is there), it will likely be a problem before long.
What are the potential risks? There are a multitude. They include:
- A lack of security - Without the visibility and control over network-attached resources, IT management becomes much more difficult. If there is a potential that a piece of software can put a hole in your network, you are compromising the network’s security.
- Problems with performance - If the tool that’s implemented doesn’t mesh with the system it’s being downloaded with, the app’s performance--and thus the user’s--will be compromised.
- Compliance problems - If your organization needs to meet certain compliance standards, the presence of unmanaged software makes it almost impossible to meet said standards.
- Data loss - If IT management doesn’t know that a software is on the network, it won’t be covered by organizational backup strategies, meaning work completed using shadow IT apps won’t be backed up.
You can see why IT admins and most decision makers look at shadow IT as problematic.
Shadow IT is Good
There aren’t too many issues in life that are dialectically bad. There is always a bit of positive with anything, including shadow IT. Recently, there has been a shift in the way that some organizational leaders and IT professionals look at shadow IT. You see, businesses are always looking to increase productivity, to get the most out of their available capital, to find solutions for problems. Shadow IT, for all its problems, allows workers to accomplish all three of these fundamental goals; and, it seems IT admins are coming around.
According to a study of 1,000 IT professionals, 77 percent believe that embracing shadow IT solutions can help a company innovate quicker than their direct competition. That’s not all.
- 49 percent said that shadow IT boosts productivity.
- 45 percent said that shadow IT helps promote employee engagement.
- 40 percent said that shadow IT helps promote adherence to IT security requirements.
- 40 percent said that shadow IT would help reduce employee turnover.
This survey seemingly splits the IT community in half, with half believing shadow IT to be an active menace and half believing there are strong benefits to promoting the use of some shadow IT resources. Now, I don’t know any IT professional that would be okay with employees downloading unauthorized software on company-owned machines, but because shadow IT extends to employee-owned devices, there may be opportunities to allow employees to use the software they are most comfortable with on their own devices, just as long as the organization has made contingencies for it. Either way, taking in the numbers above, shadow IT is not considered the “biggest threat to your business” as it has been for the past several years.
If you would like to learn more about shadow IT, what constitutes shadow IT, or any other software and maintenance questions, call our knowledgeable professionals today at 1-855-405-8889.