What is Shadow IT?
Unless you’re in a technical or IT role, you might not be familiar with the term Shadow IT. Have you ever been sent a Facebook message about company business? Have you been sent links to content in private Dropbox spaces? Essentially, Shadow IT is the use of systems, infrastructure or applications for business purposes that are outside of the control of the organisation’s governance.
When would you experience Shadow IT as a user?
Shadow IT is not a new thing. You might not know when you’ve experienced it, but here’s a few examples:
- When you bypass your organisation’s file storage to share content
- When you save a business file to a personal storage space
- Having access to business data and communications on non-approved personal devices
- Downloading an application without formal approval
Why does it exist?
Shadow IT simply exists because staff want to get on with their jobs. It exists because corporate systems don’t adequately support the ways of working that staff expect. It exists because people get frustrated by being forced to jump through too many hoops. Many businesses do not have the capacity to serve every business requirement but failing to do so often causes staff to look elsewhere for tools to support their work.
In Symantec’s 2018 Shadow Data Report, it was found that “68% of organizations have some employees who exhibit high-risk behaviour in their cloud accounts. High-risk behaviour includes activities that can indicate data destruction, data exfiltration, and account takeovers.” Although difficult to prevent altogether, there are a series of sensible steps you can take to help govern your company activity and avoid Shadow IT.