Why Half of Your Software Could be Shadow IT (And How to Take Back Control)

With businesses of all sizes relying more heavily than ever on digital solutions, the number of applications used by businesses will naturally also be on the rise. Yet for many business, it could well be the case that the IT department does not know what applications are being used within their business - and this could be opening them up to a wide range of risks.

The problem of so-called 'shadow IT' is not a new one, but as end users become more confident in their own ability to use digital tools, they are more likely to go off on their own to find solutions that meet their preferred way of working.

This may be a bigger issue than many IT professionals realize. According to Symantec's 2017 Internet Security Threat Report, chief information security officers estimate as many as one in five employees may be using unsanctioned applications. But in fact, it estimated workers could be using up to 1,000 different applications - only one percent of which will have been officially approved.

Understanding the reasons behind shadow IT

Shadow IT is broadly defined as any software applications that are used in a business without the knowledge or approval of the IT department. In practice, this could cover a wide range of solutions, from a pair of colleagues using a free third-party app to discuss work-related matters outside the approved instant messaging software, to entire departments procuring and running expensive applications without IT's input.

While individual employees selecting their own solutions can cause issues, it is often larger departments going behind IT's back that pose the biggest risks. They may do this because they feel constrained by the restrictions their IT department has in place, or they think they've found a better solution and want to get it deployed as quickly as possible.

According to figures from Forrester, this practice is widespread.  It found that 50 percent of enterprises buy software without the direct involvement of their IT department. With many more technology providers now looking to promote their offerings directly to business units rather than IT professionals, it is easier than ever for non-IT managers to procure their own solutions, up to and including the most expensive and complex enterprise tools.

Why this matters for your business

There are several reasons why the use of shadow IT is bad for business. One of the most obvious is the security implications that this can cause. If the IT department is not involved in the evaluation and testing of an app, they cannot determine whether it contains vulnerabilities that could compromise sensitive data - or even worse, if it is actively malicious. For instance, researchers recently identified 50 apps available on the Google Play store that contained malware, which were downloaded 4.2 million times before being discovered.

However, this is just one of the problems that can arise as the result of shadow IT. Forrester's study noted that inexperienced managers often fail to perform due diligence on the agreements they sign, which can leave businesses without vital protections, especially when negotiating cloud contracts.

For instance, the company highlights issues such as businesses facing large price hikes for Software-as-a-Service applications because managers failed to secure price commitments beyond the initial term, or companies that have effectively paid ransoms to providers to renew their contracts or face losing their data.

There are also problems of interoperability to consider. If different departments have all chosen different applications and ways of doing things, this results in a highly siloed IT environment, where it can be very difficult to collaborate and transfer data across teams. This can result in poorer efficiency, data duplication and the risk of errors occurring if manual processes are required to connect incompatible applications.

What can your business do about it

Tackling shadow IT is therefore an essential practice for any IT department. But this can prove to be a much more difficult task than professionals imagine. Simply setting out clear policies on this and making it a requirement that IT is involved will often not be enough. After all, many IT departments will already have such processes in place, and still find they are being bypassed by individuals and business units who believe they will be able to more effectively manage on their own.

Instead of imposing top-down demands on other departments, it may therefore be a better idea to promote a more collaborative approach to IT procurement, where they work closely with other departments to determine what their needs are and find the best solution.

This can be beneficial as business units are still able to identify the most appropriate tools for their way of working, while they can still lean on the expertise of IT professionals when it comes to issues such as negotiating contracts and ensuring the chosen solution will be able to integrate with the rest of the enterprise.

Working closely with other units and helping to educate non-IT managers on the risks associated with going it alone ensures that everyone is fully aware of what their responsibilities are. Finding the right IT solutions is not an easy task - particularly in an environment where there are so many options available. But with tools such as cloud applications more complex than ever, the skills of the IT department are essential to a successful deployment.