What is Shadow IT?
Shadow IT is when users in an organisation go out and find technology on their own, without the backing of IT, because they do not have the technology in-house to solve a problem.
Some examples of this are:
· Users not being able to share files easily between themselves or publicly with third parties, so they install services such as Dropbox Free Edition and move company documents to them.
· Users purchasing a new mobile phone with software that doesn't support mobile device management and wanting company email set up on it.
· Users unable to chat to each other, so they install Skype for calls and chat inside the office, and also share files through it.
· Users uploading and converting documents on Zamzar because they needed to quickly convert a customer's document to another format such as PDF.
How does this affect my company?
Most of the above examples involve company data being uploaded to third-party services, where the company loses control of the data and possibly releases confidential customer data to the public.
Implementing the wrong solution
Most of the time the solution implemented will be the first one a user finds on a quick Google search. Not only does this pose a risk of a user downloading and installing malware while trying to find a program to fix their problem (something like Dropbox or Chrome does not need Local Administrator to install), but it could actually be the wrong solution in the first place. By the time other users in the organisation have jumped on board and uploaded more data, the company could need this application for the day-to-day running of the business, and it could then need migrating to a correct application at more cost.
If everyone in the organisation installs Dropbox, this not only needs space on all computers to sync the library, but also places substantial bandwidth requirements on all the computers. If someone externally uploads a large file which has been shared with multiple users in the company, then this can saturate the office internet connection.
Breach of License Use
An example of this is a user who isn't enabled for remote access to their computer. They install TeamViewer themselves so they can work on a document from home without having to go through the setup process of two-factor authentication. All this is possible if the company has not blocked TeamViewer using the firewall, but TeamViewer Free is actually not valid for commercial use, so in a licence audit the company could be found in breach of the licence agreement.
Ways to resolve
The main reason users go out and find technology themselves (which is usually free, as this needs no manager approval) is that they are finding a solution to a problem their existing environment cannot solve. Instead of denying technology to users, which causes this problem in the first place, IT should work with the company to cost out a solution that will be supported and maintained internally from the start.
When planning a service to resolve a problem, a free service might need to be piloted or used, perhaps due to budget requirements. IT can make sure a business email account is used to sign up to this service, so the business still retains control of the login on the user's departure.
Policies can be set up for a hardware standard that is fully supported and tested with the company's applications and services. Once this policy is approved by management, policies can be enabled on firewalls to stop access to unauthorised sites and to block applications. A policy for BYOD (Bring Your Own Device) should be formalised so recommendations can be passed down in regard to supported operating systems and hardware.
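Before firewall block rules are written, it helps to know which unsanctioned services are actually in use and how much data is leaving through them. The following is an added example, not part of the original article: it totals uploaded bytes per user and service from a web proxy log. The log format, the sample lines and hostnames, and the domain list are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: services named in the article, mapped to their public domains.
UNSANCTIONED = {
    "dropbox.com": "Dropbox",
    "teamviewer.com": "TeamViewer",
    "skype.com": "Skype",
    "zamzar.com": "Zamzar",
}

# Constructed sample proxy log: timestamp user method host bytes_uploaded
SAMPLE_LOG = """\
2024-03-01T09:02:11Z alice POST client.dropbox.com 52428800
2024-03-01T09:05:40Z bob CONNECT router.teamviewer.com 2048
2024-03-01T09:07:02Z alice POST www.zamzar.com 1048576
2024-03-01T09:09:55Z carol GET intranet.example.com 512
2024-03-01T09:12:30Z carol POST notdropbox.com 4096
2024-03-01T09:15:00Z alice POST Client.Dropbox.com. 10485760
malformed line
"""

def match_service(host):
    """Return the service name if host is a listed domain or a subdomain of it."""
    host = host.lower().rstrip(".")  # normalise case and trailing root dot
    for domain, name in UNSANCTIONED.items():
        # Require a label boundary so "notdropbox.com" does not match.
        if host == domain or host.endswith("." + domain):
            return name
    return None

def summarise(log_text):
    """Total uploaded bytes per (user, service), skipping unparseable lines."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue
        _, user, _, host, sent = parts
        service = match_service(host)
        if service:
            totals[(user, service)] += int(sent)
    return dict(totals)

if __name__ == "__main__":
    for (user, service), sent in sorted(summarise(SAMPLE_LOG).items()):
        print(f"{user:8} {service:12} {sent / 1_048_576:8.2f} MiB uploaded")
```

The per-user totals show which business problem each service is solving, which feeds the costing of a supported replacement as well as the block list.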
IT should always be kept up to date with new technology whether it be software/services or hardware to be able to recommend technology to the business that will ease their day to day work.