You can’t see it but you know it’s there, that unauthorized and prolific use of non-company technologies in the workplace. Despite the incriminating nature of this phenomenon, “Shadow IT” can actually be a positive and productive force in today’s work environment. In an executive brief sponsored by McAfee, the surprising truth about Shadow IT is brought into the light.
Origins of Shadow IT
Originally, the arrival of iPhones and iPads heralded an era where personal devices became a means of accessing business applications. These Software as a Service (SaaS) applications eventually led employers to introduce Bring Your Own Device (BYOD) policies to the workplace. But as personal devices grew in sophistication, employees took the BYOD concept further by using SaaS applications to fully replace company-sponsored software.
Benefits and Risks
Defined as Shadow IT, these SaaS applications have allowed employees in almost every company around the globe access to tools and systems beyond their respective IT departments' policies and monitoring. As outlined in the F&S survey, the benefits of SaaS are multifold, and include Ease of Access, Ease of Maintenance, Free or Low Cost, and Quick Deployment. Yet the risks and impacts of SaaS that are usually the sole concern of consumers are now the concern of businesses as well:
…the decisions users make in their personal lives generally affect only themselves. In a business setting, the decisions an employee makes can impact the entire corporation. This is why the stewards of corporate assets (who include not only IT, but also compliance, security, and general business executives) need to understand, assess, and respond to the risks associated with shadow IT.
Study of Impacts, Solutions
The brief goes on to list six ways in which Shadow IT impacts a company’s security posture. From the broad range of SaaS use among staff members to non-approved SaaS practices across all application types, the F&S survey presents data sets that illuminate the current pervasiveness of Shadow IT. The brief also addresses the steps that can be taken to retain Shadow IT as a productive force, while mitigating its associated risks.