It’s a new term, but an old concept: the phrase “shadow IT” refers to employees using computing methods not previously approved by the company to work more efficiently. Sometimes used interchangeably with the term “stealth IT,” IT departments are often kept in the dark about these methods, only finding out once it’s too late. But if employees are getting their work done, what can be so bad about it?
Shadow IT is looked upon by many as being an initial source of innovation as such means occasionally evolve into prototypes for future approved IT solutions. However, many of these measures are out of line with the organization’s control, documentation, and security requirements. This is particularly important for companies in the finance and healthcare industries, where the use of unofficial data devices compromise compliance-centric initiatives such as the Health Insurance Portability and Accountability Act (HIPAA) and the International Financial Reporting Standards (IFRS).
The term “unofficial data devices” covers a wide range of implementations, from portable storage devices, online messaging software, unapproved online e-mail services, document sharing utilities and self-developed databases, and even undocumented spreadsheets.
Security risks most often present themselves when sensitive data and applications are moved outside their designated protected networks. For example, if Human Resource Manager Carol exports a secure Excel spreadsheet from its designated location within the company’s cloud server and saves it to a folder within Google Drive, this would technically be considered an act of shadow IT.
Most commonly, employees use shadow IT measures because they assume that there are no other ways to perform their job more effectively. As such, countless individuals send documents via email to their personal address to continue working from home, even if they know that this is likely not allowed by their organization’s policy standards.
If employees are efficient and productive, what could be wrong with shadow IT? Besides the security risks stated above, some other implications of shadow IT include wasted time, investment, and inefficiencies. So let’s discuss this more thoroughly.
If Carol updated her spreadsheet from Google Drive and sent it to her assistant, who then edited and sent it back, Carol would more than likely have to spend some time verifying the accuracy of the data included and fixing inconsistencies in formatting. This is a significant amount of time wasted. Furthermore, as more individuals view, modify and re-upload the document through various means, errors will increase exponentially due to a lack of stringent testing and control. This is a simply illogical business practice.
The use of shadow IT applications restricts an organization’s return on investment (ROI). For example, if an IT department spends $1,000 on new software hosted within their in-house server environment with the sole purpose of scheduling meetings, and Secretary Rachel uses Google Calendar, the ROI is next to nothing. This wasted money will either be passed onto customers through increased prices or to the employees through decreased wages. No one wins.
Because applications used by those performing shadow IT are not frequently audited, there is a high risk of data loss, or even worse, data leaks. Additionally, shadow IT can serve as a barrier to the adoption of new technology.
If your company has implemented new software or applications and strictly disapproves of other programs, give the regulated ones a try. It can certainly be hard to try new things, especially if you are set in your ways, but more often than not, the employees within your IT department know what they’re doing. If you find that these new implementations do not work and you would like to go back to old applications, say something! If anything, you’ll be appreciated in the corporate world for inputting suggestions and speaking your mind.
If you are a business owner and have problems with employees performing acts of shadow IT, consider moving to the Cloud if you have not done so already. Embrace the cloud! Why? Most employees utilize cloud-based applications—most often Google Drive, email applications, and Skype, to name a few—when participating in Shadow IT.
By moving to the Cloud, your applications and commonly used software will be hosted in the readily available Cloud environment. So, for example, Carol will be able to access and manipulate the same spreadsheet from her home office on the weekends that she can edit from the office during the workweek. Also, your data will remain secure and compliant with industry standards.
Atlantic.Net’s VPS hosting solutions provide corporations with peace of mind knowing that employees will have a secure and private environment for all of their storage needs. Our private Clouds are configured using the most high-tech hardware and software, utilizing custom configurations to increase portability and flexibility for you. In addition, your applications will reside on architecture custom-tailored and dedicated to your individual use.
Our state-of-the-art data center is SSAE 16 (SOC 1) TYPE II (formerly SAS 70) compliant, monitored via multiple security measures 24/7, and climate-controlled. To see how you can start HIPAA compliant hosting in seconds, give our web hosting professionals a call today at 1-800-521-5881.