That Mysterious Shadow IT: 10 Things IT Administrators Need to Know

That Mysterious Shadow IT: 10 Things IT Administrators Need to Know
Myth No. 1: Shadow IT Is for Shady Characters
Myth No. 2: Shadow IT Is a Bad Thing
Myth No. 3: Shadow IT's Biggest Risk Is BYOD
Myth No. 4: Shadow IT Is Just Uploading Corporate Content to Box, Dropbox
Myth No. 5: Shadow IT Is Strictly a Security Issue
Myth No. 6: Shadow IT Means Individuals Are Skirting the Rules
Myth No. 7: Shadow IT Comprises Third-Party Tools Solely
Myth No. 8: Shadow IT Causes Regulatory Problems for an Enterprise
Myth No. 9: If You Block Cloud Apps, Shadow IT Will Go Away
Myth No. 10: IT Can Never Let Users Go Rogue
1 of 11

That Mysterious Shadow IT: 10 Things IT Administrators Need to Know

By Chris Preimesberger

2 of 11

Myth No. 1: Shadow IT Is for Shady Characters

Have you ever used your personal smartphone at work? Is your department the lone Google Docs adopter in the company? Guess what? That's shadow IT. People using apps and devices for business without IT being aware aren't nefarious; they're just people trying to get jobs done fast and affordably using the most convenient tools available.

3 of 11

Myth No. 2: Shadow IT Is a Bad Thing

When people first began using Yahoo Messenger at work, IT administrators didn't like it. Today, IM has become a valuable communications tool across workplaces. Shadow IT technologies such as mobile devices and unsanctioned cloud apps aren't meant to do harm but are being used to save time and make employees more efficient.

4 of 11

Myth No. 3: Shadow IT's Biggest Risk Is BYOD

The oft-heard bring-your-own-device (BYOD) concern is that someone will download content onto a mobile device and then lose the device. With passcodes and encryption, that's yesterday's problem. Uploading and sharing sensitive content in cloud apps is much more risky.

5 of 11

Myth No. 4: Shadow IT Is Just Uploading Corporate Content to Box, Dropbox

Because cloud storage apps are popular, content sharing is a well-known shadow IT problem. But shadow IT isn't just about sharing files. It includes everything from medical companies using big data tools to crunch clinical trial data to unauthorized individuals downloading employee data from HR apps and business divisions adopting unsanctioned ERP apps.

6 of 11

Myth No. 5: Shadow IT Is Strictly a Security Issue

While shadow IT can cause security problems such as data leaks, it can also create inefficiencies and get in the way of optimizing IT delivery. When line-of-business people buy separate instances of the same apps or redundant apps, the organization can't take advantage of cost efficiencies or identify areas for optimizing performance and usage.

7 of 11

Myth No. 6: Shadow IT Means Individuals Are Skirting the Rules

Sure, individuals perpetuate shadow IT. But entire divisions and lines of business are also culprits, buying and deploying instances of unsanctioned apps. For example, the marketing department at Brocade shared presentations with executives and external collaborators via Box.com out of convenience before realizing that IT needed to be involved for security oversight.

8 of 11

Myth No. 7: Shadow IT Comprises Third-Party Tools Solely

Increasingly, organizations—even at the division and remote-office level—are developing their own cloud or mobile apps. This is often outside of IT's purview, and IT may not learn of it until there's a performance problem or security breach.

9 of 11

Myth No. 8: Shadow IT Causes Regulatory Problems for an Enterprise

True, shadow IT that's run amok can create compliance holes. However, if IT can monitor and be assured that authorized employees have proper access to systems and data, and sensitive content is properly protected, it can ensure and report on regulatory compliance.

10 of 11

Myth No. 9: If You Block Cloud Apps, Shadow IT Will Go Away

Because people love their cloud apps (or at least like them very, very much), they will bypass onerous security policies to be able to use them. A truism in IT: Blocking never works. It's much better to find a way to allow employees to use the apps, even if only under specified conditions. That's one reason Vegas.com embraces the cloud-based model and allows employees to use hundreds of apps of their choosing.

11 of 11

Myth No. 10: IT Can Never Let Users Go Rogue

If IT can understand user activity and ensure that the right policies are enforced, it can let users go rogue with the apps they love. Take Universal Music Group as an example: When producers there needed cloud apps such as SoundCloud, for instance, to send content back and forth with artists and musicians, UMG adopted technology that let employees use such apps instead of banning them outright. Employees there now are using more than 500 apps of their choice at work, all sanctioned by IT.

Top White Papers and Webcasts