Managed Security-Fighting Shadow IT

The Risk of

Shadow IT

The Risk of Shadow IT

Are you aware of all the technology that is used within your company? Unauthorized information technology and systems deployed by others than the IT department, so called Shadow IT, poses a lot of risks for your business. In this article we explain how to manage the challenges of Shadow IT.

A Dark Shadow in IT

Shadow IT is a huge problem according to Gartner:

  • Cisco reports that enterprises typically use more than 1,200 cloud services – with over 98% of these Shadow IT
  • A Logicalis CIO survey suggests 90% of CIOs are frequently bypassed by line of business in IT decisions

    Unauthorized Software

    Shadow IT is well known to a technical audience. High level, it’s a term that refers to all tools brought into a business under the radar of IT approval. The most prevalent form of shadow IT involves cloud services, and the many free or low-cost apps available from SaaS providers.

    Typical examples include the use of:

    • Online messaging apps (WhatsApp, Facebook Messenger etc.)
    • Email messaging tools (Gmail, myMail etc.)
    • Document sharing tools (DropBox, Google Docs etc.)
    • Voice over IP software (Skype, Zoom etc.)

    In Search of Capabilities

    It should be noted that most users enter the murky world of shadow IT with good intentions. Business users rely on unauthorized technologies to help them:

    • Save time, get jobs done, meet tight deadlines
    • Access and share data quickly, often remotely
    • Avoid complex IT policies and ‘going through IT’
    • Work with tools that they’re familiar with (and easy to purchase)

    In many ways, this activity can be viewed as an inevitable legacy of BYOD practices. Where people became familiar with finding their own solutions. They also became skilled inside stepping IT, or finding workarounds for any perceived shortfall in capability.

    Worst of all (from an IT perspective at least), users have become less patient, more informed, and definitely more inventive!

    Managing Software Assets

    The challenge for CIOs and IT teams is therefore two-fold:

    • Short-term: to accurately detect and catalogue all software instances running in their organizations
    • Long-term: to ensure the business has access to the full range of tools and services it needs to function properly

    The first point can be quickly addressed with a Cloud & Software Asset Management (SAM) assessment. From here you can quickly build a detailed picture of all ‘live’ assets and conduct an analysis of the security and data compliance risks connected to any unauthorized deployments.

    The second point requires a more strategic analysis of usage patterns, again based on a thorough Cloud & SAM assessment. Do this right, and you’ll be in a position to align budgets to actual need, reduce a significant security and compliance risk, while also ensuring you’re better prepared for any future software audit.

    Enhance Performance, Reduce Risk

    Shadow IT partly stems from user frustrations with the existing tools at their disposal. But the introduction of any unauthorized/unsupported software also brings with it huge risks into the business – risks that end up being ‘owned’ by the CIO or senior IT leaders.

    What you need is external support for investigating the issue, for understanding cause and effect, and for finding a sensible long-term solution. As experts in Cloud & SAM assessments, SoftwareONE can help you quickly get to grips with what software is running in your organization and provide practical recommendations for avoiding any unwanted surprises.

    Do You Know the Status of Your Software Inventory?

    Discover our Software Asset Management Services and visit our SAM website. Contact our SAM team and discuss together how to optimize your software portfolio.

    Contact our Software Asset Managament team

    Reageer op dit artikel

    Laat een reactie achter om ons te laten weten wat je van dit onderwerp vindt!

    Laat een bericht achter


    Peter Verbeeck, Author SoftwareONE Blog

    Peter Verbeeck

    IT-Security Solution Advisor

    IT-Security Solution Advisor

    Related Articles

    Meerlagen EDR (XDR)
    • 30 juli 2020
    • William Jansen
    • Managed Security, Cybersecurity
    • Security, Endpoint Management

    What's next: Meerlagen-Endpoint Detection and Response (XDR)

    In zijn vorige blog “Next-Gen”- EDR gaf William Jansen de verschillen aan met Endpoint security, SIEM en de uitdagingen met standalone EDR-oplossingen. Nu gaat William in op de trend richting Managed Detection and Response, Cross Layer…

    Enterprise PyraCloud DSCSimple

    Een labyrint van complexe licentiemodellen en veranderlijke marges

    Grote organisaties maken steeds vaker de transitie van on-premise naar de cloud. De cloud voegt waarde toe, maar brengt ook complexiteit en hoge kosten met zich mee. Dave Leur en Lowin Vermeulen vertellen je hoe je blijvend het maximale uit…

    Endpoint Detection and Response (EDR)
    • 12 juni 2020
    • William Jansen
    • Cybersecurity, Managed Security
    • Security, Cyber-Threats, Endpoint Management

    Kennis is macht, inzicht met Endpoint Detection and Response geeft kracht.

    Vaak is een endpoint device de belangrijkste ingang die gebruikt wordt door cyberaanvallers. Endpoint Detection and Response is een toolset voor opsporen, voorkomen en detecteren van bedreigingen. Lees meer hierover in de blog van William Jansen.