Shadow IT, also known as phantom IT, is what happens when an individual uses unauthorized software or tools to perform company-related work. For example, in the course of project work, a team member may store work on Dropbox or Google Docs, or use a chat tool such as Slack to communicate with contacts outside of the company.
Shadow IT has grown with the implementation of cloud-based applications and services, the increase in BYOD and, of course, the explosion of remote-work environments. Shadow IT extends beyond work applications to employees’ personal devices such as smartphones, laptops, or tablets, and it's the combination of these things specifically that makes shadow IT a problem.
The main reason people engage in shadow IT is fairly innocent: they want to get their work done more efficiently. People seek unapproved software and applications because the current solutions are not meeting their needs. And while they pose serious security risks, these new products may also boost productivity, giving your company a competitive edge. Most people don’t realize that they could be creating a security issue by Skyping from their laptop, streaming movies or games, or using an independent tool for communicating. While shadow IT can help improve employee productivity and drive innovation, it can also introduce serious security risks to your organization through data leaks, potential compliance violations, and gaps in support and configuration.
Unsupported hardware and software are not subject to the same security measures as supported technologies. Basically, if IT isn’t aware of an application, they can’t support or troubleshoot it, and they can’t ensure that it’s secure or in compliance with other company software and systems. Typically, when we decide to implement new software or systems, we put them through a great deal of research in terms of security, reliability, and supportability, as well as costs, comparables, and community feedback.
Some practices to help minimize your risk include:
Shadow IT is not necessarily a negative thing in your company, but it’s not great. It is an indicator that you have gaps in your infrastructure, and it creates a security risk, especially if you have consultants working on their own devices. The best approach to this problem is to embrace the opportunities it presents while recognizing the risks that it may pose.