Sign up for our newsletter
Technology / Cloud

5 of the worst Shadow IT offenders

The growth of consumerisation has given rise to a certain trend within enterprise IT – some call it Stealth IT, but most call it Shadow IT

Shadow IT describes technology used by employees which has not received explicit approval from the company, while Stealth IT, although similar, refers to technology approved by departments other than the IT department.

Be it stealth or shadow, CIOs seem to be struggling to keep a hold on this growing trend. A recent Logicalis survey found that 33% of CIOs globally are side-lined when it comes to IT purchasing decisions, with a huge 90% of global CIOs finding themselves by-passed by line of business at least sometimes.

The side affects of shadow IT are far-reaching, from the obvious cyber security issues with data, to wasted investment, inconsistent approach and even a brake or barrier to innovation.

White papers from our partners

CBR lists the 5 worst shadow IT offenders for those CIOs looking to regain the upper hand over shadow IT.

1. Business Productivity Apps

SaaS features heavily in this list and, with workers craving ease of use, collaboration and productivity, apps like Microsoft Office and Google Apps are fuelling the rise is shadow IT.

Employees may be getting work done more efficiently with productivity apps, but this use of third party apps poses serious risks to the business. A recent 2015 survey by IBM Security found that 1 in every 4 employees is linking these apps to his or her corporate login, leaving vast loopholes through which attackers can gain access to company networks. This problem is only going to get worse, with 51% of the growing millennial employee group frequently using cloud services for work purposes.

2. File-sharing, storage and backup

Again resting under the SaaS category, online document sharing via applications such as Dropbox, Google Docs or Box put potentially sensitive corporate data outside of the corporate network leaving the business blind to who can access, edit and share that information.

In the aforementioned IBM Security study, 1 in every 3 Fortune 1000 employees regularly saves and shares company data to external cloud-based platforms, which their companies cannot track. A Stealth IT survey by Canopy found that 36% file sharing software and 33% archiving data expenditure were the main causes of shadow it in 2014.

3. USB Sticks

With all the technological advancements of cloud, mobile apps etc, it is the USB workplace stalwart that plays a big part in shadow IT. Portable storage such as USBs mirror the problems with cloud storage – the threat of data leaks and breaches, in addition to not knowing who is accessing, editing and sharing potentially sensitive corporate data.

Highlighting the dangers, one only need look at the Barclays USB which this year was found in the hands of fraudsters and contained the details of 13,000 customers.

4. Social Media

Led by Facebook and LinkedIn, a 2014 McAfee report on the truth behind shadow IT found that 12% of employees used social media platforms without IT’s approval. The same report found that 45% of employees in organisations with over 1,000 staff used Facebook, with 35% experiencing a security event through the social media platform.

We can only assume that these 2014 numbers have increased alongside the surge in mobile. One of the main dangers is that if cybercriminals attack and gain access to a third-party cloud application, they can steal corporate credentials and use them to directly access a company’s network.

5. Communications

MSN messenger, WhatsApp, Facebook Messenger, Skype and other online VIOP software is a good example of how consumer life and consumer expectation is infiltrating business, specifically in this case, corporate comms.

There are obvious data concerns with some services which are not encrypted, but the use of such consumer applications can undermine UC investments made by the business and further act to blur corporate and consumer lives.
This article is from the CBROnline archive: some formatting and images may not be present.