That Mysterious Shadow IT: 10 Things IT Administrators Need to Know

 
 
By Chris Preimesberger  |  Posted 2013-12-17 Email Print this article Print
 
 
 
 
 
 
 
 

The term "shadow IT" sounds ominous. It conjures up images of half-opened doors leading to dark rooms and strangers lurking where they don't belong. Shadow IT actually is legitimate IT software and/or services--often in the cloud--based outside of an enterprise environment and with no connection to centralized security. Executives are already nervous about hackers and internal data leaks; they don't need anything else to worry about. However, as menacing as the shadow IT trend seems to be, it really shouldn't be. Shadow IT is used pretty much everywhere by people who have the best of intentions. It's time to acknowledge it, understand it, safeguard it and use it to the best advantage for the employees, IT managers and the organization as a whole. Embracing shadow IT can be illuminating and liberating, even for the most cautious of organizations. This eWEEK slide show discusses some of the most common myths with the aim to calm fears with perspectives from Sanjay Beri, CEO and co-founder of Netskope, a Los Altos, Calif.-based cloud provider of Web app analytics and monitoring services.

 
 
 
  • That Mysterious Shadow IT: 10 Things IT Administrators Need to Know

    By Chris Preimesberger
    That Mysterious Shadow IT: 10 Things IT Administrators Need to Know
  • Myth No. 1: Shadow IT Is for Shady Characters

    Have you ever used your personal smartphone at work? Is your department the lone Google Docs adopter in the company? Guess what? That's shadow IT. People using apps and devices for business without IT being aware aren't nefarious; they're just people trying to get jobs done fast and affordably using the most convenient tools available.
    Myth No. 1: Shadow IT Is for Shady Characters
  • Myth No. 2: Shadow IT Is a Bad Thing

    When people first began using Yahoo Messenger at work, IT administrators didn't like it. Today, IM has become a valuable communications tool across workplaces. Shadow IT technologies such as mobile devices and unsanctioned cloud apps aren't meant to do harm but are being used to save time and make employees more efficient.
    Myth No. 2: Shadow IT Is a Bad Thing
  • Myth No. 3: Shadow IT's Biggest Risk Is BYOD

    The oft-heard bring-your-own-device (BYOD) concern is that someone will download content onto a mobile device and then lose the device. With passcodes and encryption, that's yesterday's problem. Uploading and sharing sensitive content in cloud apps is much more risky.
    Myth No. 3: Shadow IT's Biggest Risk Is BYOD
  • Myth No. 4: Shadow IT Is Just Uploading Corporate Content to Box, Dropbox

    Because cloud storage apps are popular, content sharing is a well-known shadow IT problem. But shadow IT isn't just about sharing files. It includes everything from medical companies using big data tools to crunch clinical trial data to unauthorized individuals downloading employee data from HR apps and business divisions adopting unsanctioned ERP apps.
    Myth No. 4: Shadow IT Is Just Uploading Corporate Content to Box, Dropbox
  • Myth No. 5: Shadow IT Is Strictly a Security Issue

    While shadow IT can cause security problems such as data leaks, it can also create inefficiencies and get in the way of optimizing IT delivery. When line-of-business people buy separate instances of the same apps or redundant apps, the organization can't take advantage of cost efficiencies or identify areas for optimizing performance and usage.
    Myth No. 5: Shadow IT Is Strictly a Security Issue
  • Myth No. 6: Shadow IT Means Individuals Are Skirting the Rules

    Sure, individuals perpetuate shadow IT. But entire divisions and lines of business are also culprits, buying and deploying instances of unsanctioned apps. For example, the marketing department at Brocade shared presentations with executives and external collaborators via Box.com out of convenience before realizing that IT needed to be involved for security oversight.
    Myth No. 6: Shadow IT Means Individuals Are Skirting the Rules
  • Myth No. 7: Shadow IT Comprises Third-Party Tools Solely

    Increasingly, organizations—even at the division and remote-office level—are developing their own cloud or mobile apps. This is often outside of IT's purview, and IT may not learn of it until there's a performance problem or security breach.
    Myth No. 7: Shadow IT Comprises Third-Party Tools Solely
  • Myth No. 8: Shadow IT Causes Regulatory Problems for an Enterprise

    True, shadow IT that's run amok can create compliance holes. However, if IT can monitor and be assured that authorized employees have proper access to systems and data, and sensitive content is properly protected, it can ensure and report on regulatory compliance.
    Myth No. 8: Shadow IT Causes Regulatory Problems for an Enterprise
  • Myth No. 9: If You Block Cloud Apps, Shadow IT Will Go Away

    Because people love their cloud apps (or at least like them very, very much), they will bypass onerous security policies to be able to use them. A truism in IT: Blocking never works. It's much better to find a way to allow employees to use the apps, even if only under specified conditions. That's one reason Vegas.com embraces the cloud-based model and allows employees to use hundreds of apps of their choosing.
    Myth No. 9: If You Block Cloud Apps, Shadow IT Will Go Away
  • Myth No. 10: IT Can Never Let Users Go Rogue

    If IT can understand user activity and ensure that the right policies are enforced, it can let users go rogue with the apps they love. Take Universal Music Group as an example: When producers there needed cloud apps such as SoundCloud, for instance, to send content back and forth with artists and musicians, UMG adopted technology that let employees use such apps instead of banning them outright. Employees there now are using more than 500 apps of their choice at work, all sanctioned by IT.
    Myth No. 10: IT Can Never Let Users Go Rogue
 
 
 
 
 
Chris Preimesberger Chris Preimesberger was named Editor-in-Chief of Features & Analysis at eWEEK in November 2011. Previously he served eWEEK as Senior Writer, covering a range of IT sectors that include data center systems, cloud computing, storage, virtualization, green IT, e-discovery and IT governance. His blog, Storage Station, is considered a go-to information source. Chris won a national Folio Award for magazine writing in November 2011 for a cover story on Salesforce.com and CEO-founder Marc Benioff, and he has served as a judge for the SIIA Codie Awards since 2005. In previous IT journalism, Chris was a founding editor of both IT Manager's Journal and DevX.com and was managing editor of Software Development magazine. His diverse resume also includes: sportswriter for the Los Angeles Daily News, covering NCAA and NBA basketball, television critic for the Palo Alto Times Tribune, and Sports Information Director at Stanford University. He has served as a correspondent for The Associated Press, covering Stanford and NCAA tournament basketball, since 1983. He has covered a number of major events, including the 1984 Democratic National Convention, a Presidential press conference at the White House in 1993, the Emmy Awards (three times), two Rose Bowls, the Fiesta Bowl, several NCAA men's and women's basketball tournaments, a Formula One Grand Prix auto race, a heavyweight boxing championship bout (Ali vs. Spinks, 1978), and the 1985 Super Bowl. A 1975 graduate of Pepperdine University in Malibu, Calif., Chris has won more than a dozen regional and national awards for his work. He and his wife, Rebecca, have four children and reside in Redwood City, Calif.Follow on Twitter: editingwhiz
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel