Categories ArticlesSecurity

Shadow IT returns with a vengeance during COVID-19

The virus itself has been bad enough. But now that businesses that have transitioned, ready or not, to a remote work office environment, they are faced with another rapidly spreading plague. I’m talking about Shadow IT.

“Shadow IT is when a business goes out on its own, without involving IT, to get digital or IT resources themselves,” says Aaron Kamphuis, data analytics and IoT practice manager at OST, a business and IT consulting firm that helps customers bridge the distance between insights, technology, and strategy in smart, meaningful ways that yield transformative results. “This means,” continues Aaron “that the business will either hire vendors directly or purchase software solutions, without consulting or collaborating with IT.” What’s the result of this endzone runaround of your IT team’s controls and restrictions? “It creates pockets of technology use around the enterprise without the involvement or governance of an IT team.” And that’s something that every CEO should fear knowing there are always lawyers lurking around hidden in the bushes outside.

In fact, it’s been predicted by Gartner that one-third of security breaches by 2020 is going to come into organizations through the use of Shadow IT services. And as business move toward supporting an entirely remote workforce amid the COVOD-19 pandemic, the probability of workers reaching out to IT for advice on how what cloud services they can use will likely diminish. Which, in turn, may lead to an increasing use of Shadow IT. And it’s a fact that not all cloud services providers are created equal; they can vary a great deal in the level of security they provide for their users. And when non-IT staff members decide to take cloud development into their own hands, they often look for the cheapest and easiest solution instead of properly vetting what’s available. The result can put their organization’s data at risk.

I asked Aaron to elaborate more on the subject of what Shadow IT is and why many businesses are concerned about it. “Businesses should be concerned with Shadow IT from a governance and security risk standpoint,” Aaron says. “Because if you have company or customer sensitive information that is located in technology services that aren’t under the governance of IT, there is potential for the information not to be protected or handled properly.

“Another concern is you get a certain amount of portfolio management when you go through a central IT organization, and this allows you to negotiate better pricing and leverage resources that are already available through your company. Whereas if a department goes out on its own, it doesn’t have insight into the purchasing power or the resources that are already available and may acquire services that are less financially responsible for the company.

“Furthermore, often with Shadow IT resources, the acquisition of technology is just the first phase, companies also have to deploy the use of it. And if a business unit purchases an IT service with the idea that they are just simply going to use it without consulting IT, this can cause issues in terms of business continuity, degradation of services, and lack of security protocol. IT is then brought in during crisis mode to fix something they had no role in implementing. This causes issues because IT could be unfamiliar with the system or have to spend resources they did not budget for.”

The big question for all of us who work in corporate IT these days is how the current situation is affecting the security and integrity of the infrastructures we support — and indirectly our jobs as a result. So, I asked Aaron next whether he thought that the problems associated with Shadow IT have increased in recent months because of more and more employees working from home due to the coronavirus crisis. “Absolutely,” replied Aaron. “If you look at operation models of companies pre-COVID, everything was emphasized around on-premises with some enablement for a distributed workforce. COVID flipped that balance overnight as all of a sudden, everyone was working from home.

“Because of this shift, the productivity tools, computing tools, and workstations that people needed went from being dependent on on-premise management to everything needing to be distributed. The result was that companies had this huge scramble in the weeks following the lockdown of trying to get workers set up to be able to work securely from home. As a result, they had to prioritize getting employees back to work over properly vetting new technology initiatives. With how quickly the technology needed to be implemented, businesses weren’t thinking about the ramifications of new technology, leading of course to Shadow IT. So basically, COVID-19 was the perfect time for Shadow IT.”

It’s no use focusing on a problem if you don’t also try to come up with a solution. I finished my discussion with Aaron about Shadow IT by asking him what sort of strategies, techniques, or technologies businesses can use to minimize the dangers of Shadow IT when their employees start working from home instead of at the office. Aaron responded to this with the kind of realistic perspective that those of us in the IT field are familiar with from long, hard experience. “The reality is that Shadow IT is not going to go away, while the expectation for businesses to be more in control of their acquisition of digital IT resources is going to increase. My advice to IT is to somewhat embrace Shadow IT, finding a balance between the IT processes, centers of excellence, and governance that they provide. IT teams need to be more involved in these processes and more influential so that instead of going around IT so that departments can look to them as an advisor that supports the business. That way, when businesses need to move quickly, IT has the mechanism and mindset to do that, but it doesn’t undermine principles such as managing risk. In short, building a better partnership with business leaders will allow IT departments to use Shadow IT to its advantage.”

For more analysis of the kinds of problems associated with Shadow IT and some constructive ways that businesses can deal with the problem, check out these other articles on our TechGenix website:

Featured image: Shutterstock

Mitch Tulloch

Mitch Tulloch is Senior Editor of both WServerNews and FitITproNews and is a widely recognized expert on Windows Server and cloud technologies. He has written more than a thousand articles and has authored or been series editor for over 50 books for Microsoft Press and other publishers. Mitch has also been a twelve-time recipient of the Microsoft Most Valuable Professional (MVP) award in the technical category of Cloud and Datacenter Management. He currently runs an IT content development business in Winnipeg, Canada.

Published by
Mitch Tulloch

Recent Posts

Generation 1 virtual machines: Modernize them and bring them up to date

In many companies, Generation 1 virtual machines have been superseded by Gen 2 VMs. But…

12 hours ago

Free VPNs from Hong Kong with ‘no-log policy’ experience data leak

With these free VPNs based in Hong Kong, you may not be paying any money…

15 hours ago

Azure DevOps tips and tricks: Using built-in features

These Azure DevOps tips and tricks come fresh from the field where they have been…

18 hours ago

Diebold Nixdorf ATMs targeted by jackpotting attacks

ATM manufacturer Diebold Nixdorf says its European machines are being hit by jackpotting attacks, where…

1 day ago

Allow a home computer to connect to your Azure SQL server/database

In these days where remote computing has become crucial, you can connect your home computer…

2 days ago

Migrating to Microsoft 365? Get the ball rolling with a trial tenant

Many companies still using Exchange Server are thinking of moving to Microsoft 365. You can…

2 days ago