Those who run IT departments have what I like to call ‘the burden of knowledge’. They know what can go wrong and how wrong it can go, so they also know how important it is to put the right safeguards in place to prevent that from happening.
Other departments don’t have this experience and when it comes to implementing IT, they only think about the front-end. Enter Shadow IT.
It’s a well-established issue now and one brought on by the advent of the cloud and the software-as-a-service (SaaS) applications that came with it. Other factors include the growth of BYOD culture within organisations and the wider consumerisation of IT.
Gartner predicts that by 2020, one in three cyberattacks will be made via shadow IT resources within the business. Agents of cybercrime know it’s a weak point and they’re willing to exploit it.
The big offenders
While no specific department is exempt from blame, our experience with customers suggests marketing departments are one of the biggest perpetrators of this practice, followed closely by HR and finance.
It comes as no surprise – some of the biggest drivers of shadow IT are business productivity apps such as Microsoft Office or Google Docs; file-sharing, storage and back-up apps like Dropbox; and social media platforms – many of which are viewed as part-and-parcel of daily work in these departments.
The problem is that without the approval and input of IT, using these apps can pose a threat to the business. Other departments tend to think more about the front-end, what the app can do rather than the necessary security, infrastructure and back-up that’s needed to prevent any issues or outages.
IT knows this side all too well – an experienced systems developer or integrator may have faced that march to the CEO’s office after an outage that has had a negative impact on the business to explain what went wrong.
Outages are just the beginning too. Shadow IT can lead to data loss, issues with compliance and data sovereignty, privacy breaches, and conflict with the company’s wider IT strategy.
I discuss more about the value of the IT department and avoiding Shadow IT, amid the increasing complexity of technology, in this article.