Here is a blog by our friend Joe Stangarone of mrc's Cup of Joe Blog. He writes about the dangers of shadow aka stealth IT and how to spot it. Shadow IT is basically software and services that enter your company network without your knowledge or permission. Here is his blog....
Summary: A growing trend, “Shadow IT” is a term used to describe IT systems and solutions built and/or used inside organizations without the approval of the IT department. This could include anything from employees emailing spreadsheets back and forth to entire departments licensing third-party, cloud solutions behind IT’s back. The problem: Since Shadow IT usually happens on the sneak, IT departments don’t know where (or how much) it’s happening. Is Shadow IT lurking in your business? Read this article to learn the warning signs.
Like it or not, Shadow IT is probably alive and well in your organization. Recent surveys find that it’s not only growing, it’s far more rampant than business leaders realize.
What can you do about it? In past articles, we’ve explored a few ways to address and reduce risks of Shadow IT. We’ve looked at:
- Ways to prevent Shadow IT.
- How to reduce security risks of Shadow IT.
- The benefits of embracing Shadow IT.
That being said, there’s still a problem: You can’t address Shadow IT if you can’t see it. How do you know whether or not Shadow IT lurks in your company?
It’s a tricky question. After all, Shadow IT usually happens on the sneak. Generally speaking, IT departments don’t know where (or how much) it’s happening. This means they can’t monitor the spread of company data, and therefore–cannot secure any data involved in Shadow IT.
How can you figure out whether or not Shadow IT exists in your company? What signs should you look for? Today, let’s answer those questions. Here are 5 signs that Shadow IT lurks in your business.
1. Users talk about it
I hesitate to include this point because it seems obvious. But, I feel like it’s common enough (and important enough) to mention. Let me explain:
The fact is, many employees practice “Shadow IT” without realizing that it’s wrong. They either aren’t aware of, or don’t understand your corporate policies on the use of unauthorized hardware/software in the workplace.
Is this a problem in your business? Could users be unaware that they’re practicing Shadow IT. Ask yourself a few questions:
- “Do we have a clear Shadow IT policy?”
- “Have we communicated that policy to the end users?”
- “Does the IT department have open communication with the business users?”
Many businesses struggle in one of these key areas. As a result, users aren’t entirely sure when they are practicing Shadow IT. In some cases, they don’t even know that it’s wrong.
The first sign that Shadow IT lurks in your business is a simple one. Users will tell you about it. Of course, this means that your IT department must have open communication with end users. But, you’ll find that asking users what software they’re using is a great way to uncover Shadow IT.
“A very simple and practical way to discover shadow IT is to go ask the users,” says Oli Thordarson, President, CEO of Alvaka Networks, Inc. “This has the added benefit of getting IT staff out talking to users and learning more about their needs. The IT staff will learn a lot and the users will feel good that they are being asked and listened to.”
Besides talking to end users, what else should you do? First, create a clear Shadow IT policy. Second, communicate that policy with your employees, but keep the dialogue open. For instance, you could include a survey that asks employees which tools they use and what goals they’re trying to accomplish with those tools. Then you understand how to give employees secure alternatives to meet their needs.
Click here to read the rest if the story on 5 warning signs that Shadow IT lurks in your company