How to combat shadow IT

Google Logo
The growth in enterprise mobility has fueled shadow IT.

These days, there's an app for everything - and everyone is taking advantage of them. And why not? After all, apps tend to make our lives run smoother. The ease of creating accounts coupled with their availability means that people are signing up for new services all the time - and this applies to business employees as well. But when these purchases happen without the knowledge of the IT department, that leads to a problem. 

"Apps are central in the workplace."

An evolving workplace 
The widespread availability of web-based apps is leading to changes in the workplace. Now more than ever, the typical employee is someone who consistently leverages apps not just in order to make their life easier and more productive, but their work as well.

In many ways, this can be beneficial, particularly for companies that are prepared to keep up with the times. As an industry report released in June pointed out, future-focused enterprises are increasingly looking for ways to integrate new tech in the workplace. From company instant messaging to video conferences, businesses are pursuing strategies that capitalize on app functionality in order to pave the way for better business. 

But for businesses that are slower to warm to company-boosting tech like enterprise apps, this reticence is where problems can begin. That's because if employees are not given intuitive apps that make their jobs easier, then they will seek out these solutions on their own - even if they endanger security. This is a phenomenon known as shadow IT, which, if left unchecked, can pose a significant risk to enterprise security.

The prevalence of shadow IT
As TechTarget has explained, shadow IT happens when employees or a particular department are using hardware or software that hasn't been formally vetted by IT. In recent years, the move toward bring your own device (BYOD) has created a working environment where staffers expect to be able to use their personal devices for business purposes. The growing prominence of BYOD has increased the presence of shadow IT. 

For many employees, shadow IT represents a problem-solving method: Faced with a business task for which there's no solutions-based app within the enterprise, the worker downloads an app to meet their specific need. This trend can be productive, but it also carries inherent risks. 

Why it's cause for concern
Here's the problematic element of shadow IT: When technology is used without the IT department's knowledge or participation, the tech will be totally unsupported. Therefore, any security measures that a company's IT department applies to company-vetted apps won't extend to apps acquired outside the IT framework - which significantly heightens a business's chance of a network attack.

As TechNewsWorld reported, the potential risks associated with shadow IT are real causes for concern. In a shadow IT scenario, IT departments lose the centralized oversight they should wield, which can place business systems at high risk of an intrusion via the compromising of individual users' identities. For companies dealing with shadow IT, the possibility of attacks like "Man in the Cloud" intrusions - in which malicious actors take advantage of poor identity guarding to access online accounts - can rise significantly. 

"Consumerization of IT and BYOD are accelerating the rate at which traditional endpoint and network solutions are becoming blind to the kinds of threats that are out there," said industry analyst Morgan Gerhart.

What businesses can do to stop it

"Shadow IT points to an issue with a company's IT department."


For businesses, shadow IT is not the problem of the employees who participate in it. As InformationWeek contributor Andrew Froehlich asserted, it points to an issue with a company's IT department

"It's high time that IT decision-makers admit our shortcomings and learn to address the reasons that Shadow IT has cropped up in the first place," Froehlich said.

One of the main factors that has given rise to shadow IT is the slowness of enterprise IT departments to meet the mobile needs of today. This has to change. When it comes to enterprise mobility deployments, the numbers are very much on the rise. As a Technavio analysis forecasted, enterprise mobility is set to increase at a compound annual growth rate of around 18.5 percent between 2014 and 2019. In terms of businesses, this means there will only be greater employee expectations about having easy-to-use enterprise apps at their disposal. 

With Bitium's centralized application and identity management, IT departments can ensure that employee's needs are met while also having the visibility over all apps to cement security and efficiency. By offering employees a unified hub for enterprise apps - one equipped with top-tier password management - they help take shadow IT out of the equation and pave the way to better and safer business.