How to overcome Shadow IT security risks

How to overcome Shadow IT security risks

In The Shadow Over Innsmouth, renowned American horror writer H.P. Lovecraft tells how an unsuspecting student uncovers the dark secrets of the old fishing village of Innsmouth, Massachusetts during one of his travels. While on vacation there, he stumbles upon an evil undersea civilization ruled by an ancient god whose very existence could spell the end of the human race.

Like the events in Lovecraft’s novella, there’s a shadow hanging over the IT world that threatens the very core of many small businesses. That looming presence can create a host of problems ranging from security risks and performance issues to data loss and compliance disputes. Some people refer to this dark cloud as Stealth IT or Client IT, but it is more popularly known as Shadow IT.

Shadow IT is a growing problem that affects all kinds of businesses. Gartner, a leading research and advisory company, said that by 2020, a third of successful attacks experienced by companies will be on their Shadow IT resources. Cisco Systems, Inc. added that over 98 percent of more than 1,200 cloud services used by companies fall under that dark category.

Shedding light on Shadow IT

What is Shadow IT anyway, and what makes it a security threat? It’s the name for IT systems, technologies, or applications used by employees that are not endorsed or approved by the company’s IT department. These unauthorized tools may include hardware, software, web services, and cloud applications that employees rely on to complete their tasks.

Examples of Shadow IT are personal devices like smartphones, tablets, and USB devices. Other popular Shadow apps are cloud services like Google Docs or Dropbox, Gmail and other online email services, and instant messaging services like Viber, WhatsApp, and Skype.

In its study of Shadow apps, Skyhigh Networks found that the average employee uses 16.8 cloud services. This includes 2.9 content sharing services, 2.8 collaboration services, 2.6 social media services, and 1.3 file sharing services.

Employees turn to Shadow IT to increase productivity. In most cases, they want instant access to hardware, software, or a web service without going through the usual office red tape or time-consuming procedures to acquire these tools. Others feel that approved company apps are slower or incompatible with their personal devices, while some are more comfortable working with familiar apps.

Risks of Shadow IT

Like Lovecraft’s mythical monsters, unapproved devices and apps are deadly. Office security is compromised when personal hardware and software are used, such as storing critical files in your own Google Drive account.

Since the IT department doesn’t know this, it cannot check the system for vulnerabilities or weak spots that may be exploited by hackers. Sensitive information can easily be stolen without anyone knowing.

Worse, the IT department can’t create backups for something that it is unaware of. If critical files are not properly backed up, their loss could disrupt a company’s day-to-day operations or cripple the organization.

Performance issues may also be encountered, since Shadow solutions may be incompatible with the company’s IT infrastructure. This can create tension between the IT department and non-IT staff using unapproved apps, and may discourage the adoption of new technologies that are beneficial to the organization.

Integration is the answer

It is difficult to stop something that has not been identified or is not known to exist. This is the reason Shadow solutions have eluded IT experts for years. Rather than condemn what employees use, businesses must find a way to deal with the problem. Offices must create an effective inventory and asset management system to identify beneficial Shadow apps that can be integrated into the system. This is one way to keep the problem from growing.

Concerned about Shadow IT and other security problems? Talk to our experts at Safebit Solutions, Inc. We specialize in solid security solutions that will keep your data safe from cybercriminals. We also offer advanced yet affordable IT managed services, IT consulting, and network support, and have served many small businesses in the Houston–Baytown–Conroe area. Don’t wait for your network to be compromised! Consult us today for all your technology needs.