Shadow IT Is Putting Your Enterprise Security At Risk
The term may be newer, but the practice has been going on for decades. Shadow IT is the practice of enterprise departments or personnel conducting their own tech initiatives without the knowledge of the actual Information Technology department.
And while that may create a boost in productivity – employees using the tools they need to be most efficient – it’s also promoting massive security risks to the business.
As the tech industry grows – myriad applications, mobile devices, connected “things” – so do potential target points for malware, ransomware, and hackers in general, all without the enterprise’s IT department knowing.
It’s currently estimated that 40-percent of all IT spending at a company is coming from outside the IT department, according to advisory firm CEB. Using that data, the IT department is in control of 60-percent of the spend, but will always be tasked with 100-percent of the security for the enterprise.
A data breach from a business unit IT will result in financial liabilities affecting the organization’s bottom line, says Gartner analyst Brian Lowans in a blog post. Those liabilities can be a large mix of costs that include notification penalties, auditing, loss of revenue, security remediation and other large line items.
One way to keep these risks under control, Lowans says, is to ensure data security governance is applied appropriately and proportionately for each business unit. Some employees may not even realize they’re creating a “shadow IT” incident by just transferring a file via DropBox or memory stick, which leads to the need for organization-wide security.
Generating security awareness to ensure employees understand the risks and how to minimize them is one step in curtailing any breaches or vulnerabilities, but having the IT department become more involved in the business’s ability to enable a self-service workflow, which aids in putting all departments on the same page.