Why managing ‘shadow IT’ is good for data security

October 5, 2015 by Ben Hatton

BYOD is exploding, and with it the prevalence of shadow IT (image courtesy of ReadWrite)

Shadow IT has become prevalent in many different organizations, due to the growth of corporate BYOD policies as well as the evolving needs that many employees have from a data and technology standpoint. These needs typically revolve around the ability to do one’s job more efficiently, and they are often met by the use of third-party applications or personal mobile devices. However, these tools are often used without the knowledge or consent of the company’s IT department. This can leave your IT department “in the dark,” hence the phrase “shadow IT.”

As you can imagine, this presents a daunting security challenge, especially in light of the growing risk of data breaches that all businesses face today. As a business, you need to safeguard your data (and who has access to it) as well as possible, and part of this involves reining in and managing any shadow IT that may be occurring within your organization.

Here are some tips for managing shadow IT within your own company:

  • Establish specific policies on outside applications and devices. It is very important to account for shadow IT within your company’s written policies and procedures. This should include the procedure that employees must follow when considering outside software options, what your company’s internal application review process looks like (if applicable), and a list of any “approved” pieces of software that your company may choose to accept (more on that below).
  • Monitor your network for new software/devices in use. Having reliable monitoring in place will give you visibility into what devices and applications are being used on your network, allowing you to detect when new applications or devices are in use by employees. You can’t manage what you can’t see to begin with, so network monitoring is an absolute requirement when trying to manage shadow IT.
  • Evaluate and measure any new applications against your internal compliance requirements. Like any company that takes its data protection and security seriously, you probably already have specific standards when it comes to the types of software that you allow your employees to use on your network. If you are in healthcare or financial services, you also have a wide range of strict compliance requirements that apply to software usage. If you find that many of your employees are using outside applications to improve their overall efficiency and productivity (like Slack, for instance), it can be beneficial to create a list of outside applications that are “approved” for your employees to use if they desire. Prior to doing this, you will want to conduct a thorough review of the application itself to ensure that it is secure, supported, and compliant with your own standards.
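
To make the monitoring and “approved” list tips concrete, here is a small added example (not from the original post) that scans proxy log lines and reports destinations outside the approved list and devices missing from the asset inventory. The log format, domain names, MAC addresses and function names are all constructed for illustration, and the log is assumed to be in time order.

```python
# Constructed sample data (assumed format: "timestamp mac user host").
PROXY_LOG = """\
2015-10-05T09:01:12 aa:bb:cc:00:00:01 alice mail.corp.example
2015-10-05T09:03:40 aa:bb:cc:00:00:02 bob files.unvetted-share.example
2015-10-05T09:04:05 de:ad:be:ef:00:09 bob chat.approved-chat.example
2015-10-05T09:10:31 aa:bb:cc:00:00:01 alice eu.files.unvetted-share.example
malformed line
"""

APPROVED_DOMAINS = {"corp.example", "approved-chat.example"}  # reviewed-app list
KNOWN_DEVICES = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}    # IT asset inventory


def is_approved(host, approved):
    """True if host equals an approved domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    # Match on a label boundary so "notcorp.example" does not pass as "corp.example".
    return any(host == d or host.endswith("." + d) for d in approved)


def find_shadow_it(log_text, approved, known_devices):
    """Return (unapproved_hosts, unknown_devices) seen in the log.

    unapproved_hosts: host -> {"first_seen", "users", "hits"}
    unknown_devices:  mac  -> {"first_seen", "users"}
    """
    hosts, devices = {}, {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records rather than guessing fields
        ts, mac, user, host = parts
        mac, host = mac.lower(), host.lower()
        if not is_approved(host, approved):
            rec = hosts.setdefault(host, {"first_seen": ts, "users": set(), "hits": 0})
            rec["users"].add(user)
            rec["hits"] += 1
        if mac not in known_devices:
            rec = devices.setdefault(mac, {"first_seen": ts, "users": set()})
            rec["users"].add(user)
    return hosts, devices


if __name__ == "__main__":
    hosts, devices = find_shadow_it(PROXY_LOG, APPROVED_DOMAINS, KNOWN_DEVICES)
    for host, rec in hosts.items():
        print("unapproved app:", host, rec["first_seen"], sorted(rec["users"]), rec["hits"])
    for mac, rec in devices.items():
        print("unknown device:", mac, rec["first_seen"], sorted(rec["users"]))
```

The users attached to each finding tell you who to talk to when deciding whether an application should go through review and onto the approved list.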

Shadow IT is poised to become more and more prevalent in today’s technology climate, and in light of the climate’s continually evolving security demands, it’s vital that you stay on top of any shadow IT in your own organization. With the right planning and policies, it is something that can be both monitored and maintained.

If your company has dealt with or is currently dealing with managing your own shadow IT, we’d be curious to learn how you are working through and managing that. Leave us a comment below!
