Servers & Systems: The Right Compute

What is shadow IT? Protecting your business from an invisible threat

Protect your SMB from shadow IT_blog_shutterstock_248776741.jpg

The term "shadow IT" describes employees' use of personal software or hardware devices (smartphones, tablets, or other mobile devices) and applications for job functions, instead of the systems provided and supported by their employers. Shadow IT includes, for example, unauthorized use of Skype or unsanctioned file-sharing by plugging a personally-owned USB flash drive into a company computer. In many cases, the IT team is ignorant of such activity until a technical issue arises.

Regardless of the situation, it's clear that sensitive business data is at a huge risk when this activity occurs. Unauthorized downloads can immediately compromise valuable information and increase the likelihood of cybertheft and exposure to dangerous viruses and malware. According to CSO, shadow IT can also interrupt business continuity by requiring the IT department to locate all the various components of its shadow footprint should an incident occur.

Why do employees engage in this behavior? For the most part, they're simply unaware of the risks involved, but others are motivated to work around perceived time-consuming protocols instituted by the company's IT team. When the approval process takes longer than the desired action, such as a simple download, employees can be tempted to take shortcuts. The IT team should mitigate this by providing solutions that help align employee activity with the risk-avoidance goals of the organization at large.

Addressing shadow IT with solutions

Today, employee use of personal devices poses a serious challenge for IT teams. A partial solution involves a more effective, company-wide approach to communicating the inherent risks of shadow IT. This means creating, applying, and enforcing a comprehensive policy covering all mobile devices employees bring to work every day.

The solution can also involve recognizing the ubiquity of such unsanctioned use and seeking solutions that pose little hindrance to employee productivity. Rather than acting as the gatekeeper of new technologies, consider finding solutions that don't put valuable data at risk, such as:

  • Identifying unauthorized applications used by employees and assessing the security, auditability, and business continuity capabilities of these apps.
  • Implementing and enforcing policies that block risky user activity, such as "upload," "share," and "download" functionalities. This approach often requires gaining a deeper understanding of individual employee and team needs and introducing employees to acceptable and secure resources they probably know nothing about, including products and solutions that automate policy across networks and block unwanted activity.
  • Creating and disseminating a detailed catalog of approved in-house and outside applications to help close the information gap. This strategy will likely make people's jobs easier in addition to improving data security, making it more likely to be embraced by employees.

Shadow IT should not just be regarded as a liability, according to ITProPortal, because it can benefit users and boost productivity. Instead, businesses should dig deeper into the problems employees need to solve and determine if their chosen solutions might actually be superior to currently approved resources. Then the IT department can take steps to manage this practice and turn it into an asset. When the IT team paints a clear picture of potential threats and presents accessible, easy-to-use technology solutions, employees will be far less motivated to fall back on their personal devices or apps.

Discover affordable IT solutions for your business.

Ready to take the next step? Check out the SMB Hybrid IT for Dummies Guide. Because there are no “dumb” questions!

Or are you ready to purchase? Visit the HPE Store.

Robert Checketts
Hewlett Packard Enterprise

0 Kudos
About the Author


Robert has over 25+ years of IT Marketing and Product Management leadership experience spanning country, Regional and WW organizations. Robert is a marketing executive with extensive experience in field marketing, channel marketing and product marketing on a global basis and is driven to deliver SMB’s end-to-end affordable infrastructure that’s secure from the start, optimized for every workload, packaged for many consumption models, ready to scale, and easy to manage.