The State of Shadow IT in 2016

As we’ve talked about before, Shadow IT occurs when internal information is shared without explicit organizational approval.

In the past, Shadow IT was limited to a few digitally savvy employees, who would have to purchase hardware from office supply stores and plan their attacks.

Today however, internal employees can utilize applications in the cloud such as file sharing apps, social media, and collaboration tools, to quickly share files from their desk without the permission, or knowledge, of the IT department.

In fact, today it’s estimated that 40% of all IT spending at a company occurs outside of the IT department – emphasizing IT’s new role of ensuring security and compliance of internal data that employees upload to cloud services (instead of their previous role of managing the application and physical infrastructure).

A recent study found that when IT examines the use of cloud services across the organization, they generally find Shadow IT is 10 times more prevalent than they initially assumed – with organizations averaging over 1,083 different cloud services.

This creates an uncomfortable (but necessary) situation where IT has to say no to employees using cloud apps to do their jobs, often using the company’s firewall to block access to cloud applications.

The catch-22, of course, is that for every app that’s blocked, employees are finding other, potentially riskier services to use in its place.

This is why it is important to have multiple application audits in order to keep your company safe. During these audits, IT departments often discover unknown services (some they’ve never heard of) and can carefully analyze each app’s risks and security controls.

Then, IT teams can make informed choices about what services to block or enable.

The likelihood that Shadow IT can be completely cleared from organizations is extremely slim. Instead, the goal should be to significantly reduce processes where employees bypass IT when completing their tasks, or manage the use of nontraditional processes.

Ultimately, IT departments will have to increase awareness and security through continuous investigations of their systems. Until there is true visibility of how much Shadow IT is going on, a cloud migration will be a constant battle of data loss.

During the discovery process, we recommend our cloud computing assistance. This can provide ongoing audits and results in quickly identifying new application services favored by employees so they can be enabled and eventually added to the approved Hybrid IT services menu under IT management. Click here for more information.