Why Your Team is Using Shadow IT (and How to Curb it)

Posted on 9 July 2020

Do you know what tools your employees are really using in their day-to-day work? Shadow IT is on the rise and putting your organisation at risk. 


As our exposure to various workplace apps and platforms has continued to grow, so too has the prevalence of Shadow IT. But what exactly is Shadow IT? Simply put, it’s when software, apps, and other services are used by your employees without the ownership, control, or sometimes even the awareness of your IT department.


According to a Microsoft survey, 80% of employees contribute towards Shadow IT by using unapproved apps for and at work. Elsewhere, 61% of cloud apps go unnoticed by corporate IT departments, meaning there’s no way to check if these apps are in line with your security and compliance policies – frightening stuff.


The Dangers of the Dark Side


What’s so scary about your employees using unsanctioned apps – especially if it helps them to get the job done – you ask? The answer is both simple and devastating in its impact:


  • Lack of Security: Your IT team can’t ensure the security of software that they’re unaware of. With unsanctioned apps, data is often stored unencrypted, with only a basic password standing between your corporate information and an army of hackers. Not to mention that staff could be unwittingly sharing sensitive information through public links.
  • Potential Data Loss: Crucial corporate data could be stored on unsanctioned apps with no backups, no recovery, and no data protection. With some apps, there could even be issues regarding who legally owns the data too.
  • Unaware Means Unmanaged: Unsanctioned apps fall outside of the IT department’s upgrade ecosystem, preventing anybody from ensuring that holes are patched, that errors are prevented, and that the app in question is in good working order.
  • Financial Waste: Many of these unapproved apps duplicate the functionality of services that have been approved (and paid for) by your organisation, increasing costs and diversifying resources – not great for collaboration with teammates.
  • Compliance Issues: Complying with GDPR is critical for every business; however, many apps fail to meet international and industry requirements, which could cause additional financial issues in the form of fines.
  • The Scale of the Issue: Shadow IT is reportedly used over 1000 times every day within networks in 30% of businesses in the UK. Industry analyst Gartner even predicted that, this year, a third of successful attacks on businesses will be via their Shadow IT.



Why Your Team is Using Shadow IT

If your employees are turning to unsanctioned work management and communication apps, there’s clearly a gap in addressing individual work needs.


From retail workers organising shifts via WhatsApp and Facebook, to office employees using task manager apps like Asana, Trello, and Slack – staff are turning to these services because they’re well known and easy to use, but that doesn’t mean they or their less-trusted counterparts are secure.


Employees may prefer other tools, want to increase their efficiency, or feel like they’re not being listened to so have worked out a better way of working by themselves. Employees want to work smarter and communicate easier, and office email just doesn’t cut the mustard anymore.



How Do We Curb Shadow IT?

As with any sweeping organisational change, communication is key. Educate staff on the dangers of using unsanctioned apps, while ensuring basic cybersecurity awareness is a part of their training and onboarding.


Meanwhile, it pays to ask after the shortcomings in your current solutions where employees have found a need for Shadow IT. Often, there’s a solution already available but going unused – such as Microsoft Teams for staying in touch and collaborating securely, as opposed to social media accounts.


Elsewhere, it’s time to give control back to the IT department. Cloud-based apps have certainly increased productivity for the modern workforce, but it’s essential that your IT department can keep up with what’s going on. Using a cloud access security broker, like Microsoft Cloud App Security (MCAS) – part of Microsoft’s Enterprise Mobility & Security E5 suite – will empower your IT team with the tools they need to shine a light on cloud apps and services.


With MCAS, they have visibility into the apps used in your organisation, and are able to assess the associated risk with the help of detailed analytics. This helps them to make an informed decision to either sanction or block any app, protecting your organisation quickly and easily.


Shadow IT can be a tricky beast to eliminate entirely, but it helps to start at the root cause. Why are your team members using it? Are they aware of the risks? Is there a more secure option it can be replaced with?


Knowledge is power, and when curbing Shadow IT, the first thing you need is visibility into what’s going on in your organisation. This awareness, as well as the right tech, can give you the insights you need to understand Shadow IT and prevent it from ever darkening your doorstep again.


In the dark about the use of Shadow IT in your organisation? We can help. Get in touch to talk to a member of our team and we’ll help shine a light on the situation.


