Business Security

Shadow IT and 'No' versus 'Know'

Business IT Research, 18 January 2017

Shadow IT has the potential to transform IT from 'too little, too late' to 'business enablement.'

In an information-based economy where bring your own devices (BYOD) and, increasingly, bring your own applications (BYOA) are the norm, IT groups are struggling to enable their organizations to be fast and flexible while protecting their digital assets. Shadow IT,  also referred to as rogue or cockroach IT, emcompasses the devices, software, and services outside the ownership or control of IT groups. While Shadow IT poses a significant threat to the management and security of organizations, it can also be a source of speed, agility, and freedom to enable business success.

Today’s business environment is the Wild West, with employees doing whatever they want, technologically speaking, in the lawless land. Shadow IT reaps a corporate bounty in lower IT costs, increased flexibility, speedier task completion, and a lot less hassle from IT, according to IDC Senior Research Analyst Mark Yates. Yates continues, "But ... companies end up paying dearly for these perceived benefits: No centralized IT oversight fortifies organizational silos, impeding cross-functional collaboration, and increasing security risks.”

The growth of Shadow IT reflects the transformation to an increasingly digital world where everybody and everything is being connected, including partners, suppliers, and customers. Fueled by the explosive growth of data and devices, digital transformation (DT) is changing everything, with the result that IT is no longer the business barrier keeping bad guys out, and the corporate jewels safe inside.

The acceleration and changes in the business environment, including the explosively growing threatscape of internal and external risks, also place increasing pressure on IT to be responsive to new and emerging challenges and opportunities. At the same time they must do more with less resources. So it’s no surprise that an underfunded and understaffed IT, faced with mounting and diverse demands, is sidestepped by people and departments looking for faster solutions to their business needs.

It’s a huge issue: More than 9 out of every 10 organizations (92 percent) are experiencing the effects of Shadow IT, according to a report from the Enterprise Strategy Group. ‘The consumerization of IT, fueled by knowledge worker mobility and the prevalence of cloud applications, has created the conditions for substantial employee use of applications not sanctioned by corporate IT groups’.

A more recent global survey of nearly 3,500 IT and IT security practitioners found that

  • Roughly half of all cloud services and corporate data stored in the cloud are not controlled by IT departments
  • Two-thirds of sensitive data stored in the cloud is left unencrypted
  • More than half of companies are not proactive in their compliance with privacy and security regulations for data in cloud environments
  • Only 21 percent of respondents said members of the corporate security team are involved in decisions regarding cloud applications or platforms

By 2019, the share of worldwide corporate IT spending that is funded by non-IT business units is forecast to reach 47 percent. IDC identifies two major types of technology spending – projects funded by IT and projects funded by technology buyers outside of IT. Joint IT projects can be funded by either IT or the functional business unit, while Shadow IT projects are funded from the functional area budget without the knowledge, involvement, or support of the IT department.

It appears that the benefits outweigh the risks when it comes to Shadow IT, as long as the appropriate policies and practices are in place to ensure proper management and governance to mitigate risks and protect critical data and assets. The IT department must transition from the Department of 'No' to the Department of 'Know,' enabling the business, in all its aspects, to be quick and agile, as well as secure.

Check 1 comments or write your comment

Discussion (1)