View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cloud
December 9, 2015

5 of the worst Shadow IT offenders

List: Shadow IT is real, Stealth IT is dangerous, read this essential list.

By Ellie Burns

The growth of consumerisation has given rise to a certain trend within enterprise IT – some call it Stealth IT, but most call it Shadow IT

Shadow IT describes technology used by employees which has not received explicit approval from the company, while Stealth IT, although similar, refers to technology approved by departments other than the IT department.

Be it stealth or shadow, CIOs seem to be struggling to keep a hold on this growing trend. A recent Logicalis survey found that 33% of CIOs globally are side-lined when it comes to IT purchasing decisions, with a huge 90% of global CIOs finding themselves by-passed by line of business at least sometimes.

The side affects of shadow IT are far-reaching, from the obvious cyber security issues with data, to wasted investment, inconsistent approach and even a brake or barrier to innovation.

CBR lists the 5 worst shadow IT offenders for those CIOs looking to regain the upper hand over shadow IT.

1. Business Productivity Apps

SaaS features heavily in this list and, with workers craving ease of use, collaboration and productivity, apps like Microsoft Office and Google Apps are fuelling the rise is shadow IT.

Employees may be getting work done more efficiently with productivity apps, but this use of third party apps poses serious risks to the business. A recent 2015 survey by IBM Security found that 1 in every 4 employees is linking these apps to his or her corporate login, leaving vast loopholes through which attackers can gain access to company networks. This problem is only going to get worse, with 51% of the growing millennial employee group frequently using cloud services for work purposes.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

2. File-sharing, storage and backup

Again resting under the SaaS category, online document sharing via applications such as Dropbox, Google Docs or Box put potentially sensitive corporate data outside of the corporate network leaving the business blind to who can access, edit and share that information.

In the aforementioned IBM Security study, 1 in every 3 Fortune 1000 employees regularly saves and shares company data to external cloud-based platforms, which their companies cannot track. A Stealth IT survey by Canopy found that 36% file sharing software and 33% archiving data expenditure were the main causes of shadow it in 2014.

3. USB Sticks

With all the technological advancements of cloud, mobile apps etc, it is the USB workplace stalwart that plays a big part in shadow IT. Portable storage such as USBs mirror the problems with cloud storage – the threat of data leaks and breaches, in addition to not knowing who is accessing, editing and sharing potentially sensitive corporate data.

Highlighting the dangers, one only need look at the Barclays USB which this year was found in the hands of fraudsters and contained the details of 13,000 customers.

4. Social Media

Led by Facebook and LinkedIn, a 2014 McAfee report on the truth behind shadow IT found that 12% of employees used social media platforms without IT’s approval. The same report found that 45% of employees in organisations with over 1,000 staff used Facebook, with 35% experiencing a security event through the social media platform.

We can only assume that these 2014 numbers have increased alongside the surge in mobile. One of the main dangers is that if cybercriminals attack and gain access to a third-party cloud application, they can steal corporate credentials and use them to directly access a company’s network.

5. Communications

MSN messenger, WhatsApp, Facebook Messenger, Skype and other online VIOP software is a good example of how consumer life and consumer expectation is infiltrating business, specifically in this case, corporate comms.

There are obvious data concerns with some services which are not encrypted, but the use of such consumer applications can undermine UC investments made by the business and further act to blur corporate and consumer lives.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.