WHAT IS SHADOW IT?

You probably haven’t heard the term “Shadow IT” before, but it’s something all organizations need to be concerned about. Shadow IT refers to applications that employees download and use without authorization for work-related activities that involve company data. Such applications are often easy for anyone to purchase or enrol in on their own. They might even integrate with your organization’s critical applications and/or store company data such as client lists, emails and files.

SO WHY THE CONCERN?

The first concern might be data privacy, particularly if you are in a highly regulated industry like medical or financial services. Some employees could be storing company data in Dropbox or Google Drive, for instance. The second could be security. Many apps carry hidden malware that could wreak havoc on your network or steal confidential data.

Of course, many apps are not bad and can be very useful. The point is that management needs to be aware of what is installed throughout the network and determine which apps are safe to use. Employees should be made aware of which applications are corporate-approved, and that any other application they wish to use must first be reviewed for security and privacy concerns.

HOW TO CONTROL SHADOW IT

One method to help maintain control of the applications installed throughout your network is to disallow Local Administrator Access on employee computers. This, however, is not always possible where older applications that require Local Administrator Access to function are still in use. It is also not possible where employees have been allowed to work from home and connect to your network using their personal computers. Those employees may want to install applications for personal use and therefore won’t want to be locked down. We always advise clients against allowing personal-use computers to connect to corporate networks in any case.

Where strict controls are not possible, a periodic review of the software installed on your network is good practice. Written policies about which applications are authorized are also advised. As a further note, be sure you are aware of all applications in use by each employee and that you are able to lock employees out of those applications should they leave your organization. This will prevent any possible harm to your organization or data theft.
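
The periodic review described above can be scripted for each Windows computer. The PowerShell below is an added example, not part of the original article: it compares installed software against a written approved list and reports who holds Local Administrator Access. The file name approved-apps.txt and its one-wildcard-pattern-per-line format are assumptions made for this example.

```powershell
# Added example: audit one Windows computer against the written approved-software policy.
# Assumption: approved-apps.txt (hypothetical name) holds one wildcard pattern per line,
# for example "7-Zip*"; lines starting with # are treated as comments.
param(
    [string]$ApprovedListPath = '.\approved-apps.txt'
)

$approved = @(Get-Content -Path $ApprovedListPath -ErrorAction Stop |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -and -not $_.StartsWith('#') })

# Uninstall registry keys: machine-wide 64-bit and 32-bit installs, plus per-user
# installs, which an employee can perform without Local Administrator Access.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher |
    Sort-Object -Property DisplayName -Unique

function Test-Approved {
    # Returns $true when the application name matches any approved wildcard pattern.
    param([string]$Name, [string[]]$Patterns)
    foreach ($pattern in $Patterns) {
        if ($Name -like $pattern) { return $true }
    }
    return $false
}

$unapproved = @($installed |
    Where-Object { -not (Test-Approved -Name $_.DisplayName -Patterns $approved) })

# Members of the built-in Administrators group, looked up by its well-known SID
# so the query also works on non-English Windows installations.
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
    Select-Object Name, ObjectClass, PrincipalSource)

Write-Output ('Computer {0}: {1} installed, {2} not on the approved list' -f
    $env:COMPUTERNAME, @($installed).Count, $unapproved.Count)
$unapproved | Format-Table -AutoSize
Write-Output 'Accounts with Local Administrator Access:'
$admins | Format-Table -AutoSize
```

Per-user installs under HKCU are only visible for the account that runs the script, and browser-based services such as Dropbox or Google Drive used without a desktop client do not appear in this inventory.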