Shadow IT, or Stealth IT, is a term that refers to technology used within a business without the knowledge or authorization of the IT department. At first glance it might seem underhanded, but a lot of employees use Shadow IT for perfectly innocent reasons. In fact, you might be utilizing Shadow IT without even realizing it. Perhaps you were frustrated with how long it was taking for an awesome new interoffice chat method to be approved, so you decided to just set it up in the meantime. Or maybe your tech-savvy deskmate decided to automate a part of their process without going through the proper channels. There are countless reasons why employees might utilize Shadow IT, and it is rarely ever for nefarious purposes. It can even be beneficial for businesses, helping users such as yourself become more productive.
Utilized properly, Shadow IT can be a very good thing in the workplace — when employees encounter issues and areas of inefficiency, they come up with creative solutions to the problems. It’s a lot like having a second IT or development team, and many departments create systems that become critical to the success of their projects. But unfortunately, many employers fail to see the benefits. Rather than supporting the unofficial systems put in place, and finding a way to safely incorporate those systems, employers focus on how to get rid of and replace the systems that are already working, simply because those systems were not authorized.
Shadow IT will always persist in the workplace, and failing to embrace and properly manage the unofficial technology systems can lead to security breaches. The unofficial systems employees embrace might be incredibly beneficial, but as long as those systems are under the radar there is a lack of visibility and control over network elements. This lack of visibility and control can be especially dangerous because many Shadow IT solutions are not as private or secure as systems that have filtered through the official IT department.
Shadow IT cannot just be eliminated from the workplace — it will always be there in the background, so it needs to be properly recognized and managed. If you are aware of Shadow IT in your workplace, take initiative and work with leadership to properly harness the unofficial technology. We have three tips you can share with the people in charge to help legitimize the use of Shadow IT, and keep the workplace running smoothly.
Shadow IT is extremely common in the workplace, and using it correctly is important to maintaining strong cybersecurity. For additional ideas on how to do this, we have seven strategies you can implement from another recent blog post. Since OpenVPN’s cyber hygiene study, which revealed a lot of detrimental cybersecurity habits by employees, we’ve been focused on spreading the word on how important this topic is!
Finally, follow the advice from OpenVPN CEO Francis Dinha on educating your staff:
“Create a process everyone knows how to follow, including a two-factor authentication system, strong passwords, and access to a private network…Having the best security tech in the world will mean nothing if your staff isn’t taking it seriously.”
Cybersecurity is, after all, a team effort.