
Is Shadow IT exposing your business?

Feb 27, 2020 | Cyber Security

How much is Shadow IT exposing your organisation?

Shadow IT is a growing problem. According to research conducted by Cisco, an alarming 90% of CIOs worldwide are being bypassed by IT purchases and downloads for systems which end up embedded in organisational operations, unbeknown to IT.

What is Shadow IT?

Sounds a little ominous, doesn’t it? Shadow IT is hardware or software that is predominantly cloud-based and used by staff without IT’s knowledge, with no testing or approval given by IT or compliance.

It’s been described as an ‘invisible’ risk lurking in every organisation, with Gartner predicting it will be the cause of 1 in 3 security breaches by 2020.

Everyday examples of Shadow IT include routine activity across an organisation:

• Sharing files internally and externally to suppliers and customers via file sharing platforms (common culprits include OneDrive, Dropbox or Google Drive)
• Using personal accounts, e.g. Skype for conference calls
• Employees using online tools from a previous job
• The Sales and Marketing team using an online CRM solution for campaign activity

With so many of these ‘normal’ activities taking place during most people’s working days, it’s no surprise that CIOs and IT teams are unaware of all these applications running in the background. Each of these applications can pose a significant risk to an organisation, either through sensitive data being accidentally disclosed or through hackers gaining access to steal data. Many of the applications that have software clients are also not updated regularly after installation, which represents a potential risk from malware.

“Only 7% of lost organisational data is actively hacked because an enormous 81% of data is stolen or carelessly disclosed.”

Cisco’s research revealed that CIOs could be underestimating the number of shadow applications running by a factor of 14. To quantify that in real numbers, that’s a CIO being aware of 51 cloud services running when in reality it’s closer to 730.

When did Shadow IT first become a problem?

An ‘I want it now’ culture was born with the rise of easy-to-download cloud-based applications. This allowed employees to gain access to these applications through an accessible web interface with no involvement from IT. Before that, employees would have to wait patiently for IT to approve hardware and software, after testing it for risks that could let someone gain access to an organisation’s network and data. This caused considerable end-user frustration and held back IT projects.

With instant access to untested (or poorly configured) cloud-based applications, this distant bottleneck has been long forgotten, but its removal has led to more than just a headache for IT departments.

That’s not the only Shadow IT problem

A misaligned board only fuels the overall negative impact Shadow IT has on an organisation. If IT doesn’t have ‘a seat at the boardroom table’ then risk isn’t being taken seriously, and IT strategy is seen as an afterthought. This can lead to clunky, over-engineered IT infrastructures and systems that become difficult to change and upgrade when necessary, stopping IT projects in their tracks.

Thankfully, it’s becoming more common for IT to have its rightful place on the Board, as more and more organisations understand how IT underpins every facet of the business, from processes to storing and backing up data. With the need for greater analytical reporting and integration, IT has all of this and more to manage, as well as the demand for easy accessibility protected by robust data security procedures.

This ever-increasing strain on IT from the rest of the business can only lead to incidents of data loss, security breaches and infrastructure failures. These events can no longer be confined to one area of the business; instead, they now have a serious impact on the wider organisation in terms of reputational damage, escalating costs and operational downtime.

How can you manage Shadow IT?

It can be a daunting prospect to try to manage this so-called ‘invisible’ problem, but it need not be if you can address the root cause of the issue. By implementing the following controls, and getting the necessary help, you can regain power:

Understand the problem

Monitor who is doing what and remove the ability for individuals to download applications without following the appropriate business procedures. Put in place appropriate web filtering to prevent access to SaaS platforms that could be used to step outside of normal practice.

Discover and manage risk

The key to any approach is to understand the risk. How well does your IT platform cater to the current (and potentially future) needs of the business? The two main drivers of Shadow IT are ‘need’ and ‘ability’: for example, file sharing between organisations (need) and using an application from a previous post to create network diagrams (ability). Understanding the needs of the business will allow the IT team to provide the appropriate solutions to negate the need for shadow IT, whilst having the appropriate controls to detect and prevent the use of unapproved platforms and applications will greatly reduce the ‘ability’ for staff to make use of shadow IT.

Lock down any immediate risk

If something breaks company policy, then it must be blocked, and further action taken where deemed necessary. Security and acceptable use policies are a must, so employees are aware of the risks and consequences associated with their actions.

Make employees aware

Sufficient notice should be given to users of unapproved IT applications. Allow employees to justify their use and if the risk outweighs the benefit then shut down unapproved applications after sufficient warning is given. If the business decision is to continue with an application, ensure that someone at the appropriate level accepts the risk in doing so, and that the application is appropriately vetted by the security and compliance team prior to continuing.

Policies and training

You can’t expect all employees to be aware of the risk they pose to the business through their use of shadow IT applications. Setting out clear policies that are mandatory to read and providing context in the form of training can help minimise risk and provide a greater understanding that their actions have consequences.

Continual monitoring

It’s important to continually monitor the state of your network, in particular any abnormal traffic or unknown applications. Employees can also forget, so reminders could be a simple way to mitigate risk as well as trying to prioritise new application authorisations in a timely manner.
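
The monitoring described above, as an added example that is not part of the original article: it reads web-proxy log lines, maps each destination to a service and reports the unsanctioned ones by user and upload volume. The log format, the service catalogue, the approved list and the sample lines are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: suffix -> service catalogue maintained by the IT team.
CATALOGUE = {
    "sharepoint.com": "OneDrive/SharePoint",
    "dropbox.com": "Dropbox",
    "dropboxapi.com": "Dropbox",
    "drive.google.com": "Google Drive",
}
SANCTIONED = {"OneDrive/SharePoint"}  # assumption: the approved services

# Constructed sample proxy log: timestamp user host bytes_sent
SAMPLE_LOG = """\
2020-02-27T09:01:12Z alice contoso.sharepoint.com 48210
2020-02-27T09:03:40Z bob www.dropbox.com 7340032
2020-02-27T09:04:02Z carol content.dropboxapi.com 52428800
2020-02-27T09:10:55Z dave Drive.Google.com. 1048576
2020-02-27T09:12:31Z erin notdropbox.com 2048
2020-02-27T09:15:00Z erin app.crm-tool.example 900000
this line is malformed and is skipped
"""

def classify(host):
    """Map a hostname to a service by longest suffix match on label boundaries."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    for i in range(len(labels)):            # longest candidate suffix first
        suffix = ".".join(labels[i:])
        if suffix in CATALOGUE:
            return CATALOGUE[suffix]
    return "unknown:" + host                # not catalogued: needs review

def discover(log_text):
    """Return unsanctioned services as (service, users, bytes), biggest first."""
    usage = defaultdict(lambda: {"users": set(), "bytes": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue                        # skip malformed records
        _, user, host, sent = parts
        service = classify(host)
        if service in SANCTIONED:
            continue
        usage[service]["users"].add(user)
        usage[service]["bytes"] += int(sent)
    rows = [(s, sorted(u["users"]), u["bytes"]) for s, u in usage.items()]
    return sorted(rows, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    for service, users, sent in discover(SAMPLE_LOG):
        print(service, users, sent)
```

Matching on label boundaries keeps a lookalike host such as `notdropbox.com` out of the Dropbox bucket; it lands in the `unknown:` group, which is the list to review against the acceptable use policy.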

Need help controlling Shadow IT?

Network monitoring:

At Optimising IT we are continually helping our customers to proactively monitor their networks. Armed with industry leading tools, we’re able to examine and alert organisations to suspicious traffic and locate devices and applications that need locking down.


A co-sourced approach:

We can also take the strain from internal IT teams with a co-source offering that enables IT teams to focus on driving business-critical projects forward by resolving incidents and requests reported by end users, thus freeing up your team to deal with and ultimately maintain control over shadow IT. Discover the meaningful results we have achieved for our customers with our co-sourced Managed Service.


Cyber-security training:

Training also plays an important part in helping to maintain control of shadow IT and is something we have successfully implemented for our customers, wrapped up in our half-day Cyber-security awareness workshop for employees. We also offer a similar workshop for Business Leaders, helping to align your board to understand the impact a data breach can have across the business.


For more information on the other challenges CIOs and IT typically face, be sure to read our guidance on IT, Cyber and Compliance.

Contact our expert team by calling 0330 403 0011 or by filling out our contact form and we’ll be happy to discuss your individual requirements with you.
