How to deal with shadow IT
More and more employees are using their own devices at the office with a variety of applications and the accompanying risks to security and privacy.
More and more employees are using their own devices at the office with a variety of applications and the accompanying risks to security and privacy. As an IT manager, you would prefer to prohibit the use of all of those apps in your organisation. Regrettably, however, this both impossible and unwise. It is better to take inventory of the devices and apps and to block apps where necessary before they can do any damage.
Shadow IT has existed for as long as computers have been used on the work floor. When it all began, employees brought floppy disks with their favourite programmes, which thus found their way to the company network. Today many companies have a Bring Your Own Device (BOYD) policy, often accompanied by the proliferation of apps and devices. Employees are increasingly skilled in discovering, downloading and using their own favourite apps. All of those devices, apps and cloud-based services make life very difficult for the IT department.
Why is Shadow IT harmful?
On average, hundreds of different apps are used in organisations. More than 70 percent of employees use apps that have not been approved by the IT department.
If the IT department has poor insight into the devices and applications being used in the organisation, this can create serious security issues. In 2016, Gartner predicted that some 33 percent of all cyber attacks in companies would be caused by Shadow IT in 2020.
Moreover, there is a risk that sensitive company information could be leaked through the use of apps. This is not only undesirable, but also a violation of the GDPR.
Lastly, the use of a variety of apps that all have the same purpose within an organisation is not very efficient. Productivity does not benefit from various employees or different departments using their own apps for sharing files or working together.
Not everything about Shadow IT is harmful, however.
Shadow IT cannot be stopped.
Does this mean that the IT department should simply block all unknown apps? As appealing as that sounds, in practice it is difficult to achieve, and undesirable to boot.
Employees will always find a way to bring their favourite apps into the organisation. Moreover, people are simply more productive when they have the tools that are exactly right for the job. Sometimes those tools are apps that work better than the apps used within the organisation. Some employees are keen to always keep abreast of the latest developments. You could also consider Shadow IT a kind of barometer that gauges which apps the employees need.
Detection is important
Shadow IT also having positive aspects does not change the fact that it is important to have insight into the devices and apps being used within an organisation. If you want to manage all network devices centrally from the cloud, Cisco Meraki access points are a good choice. Security incidents can be immediately identified and resolved with a single click.
The Meraki access points can be used in combination with Umbrella: a cloud-based security platform. This is your first line of defence against Internet threats. Cisco Umbrella provides a complete overview of all Internet activities from all locations and devices and by users, and blocks threats when they reach the network.
Clear overviews provide insight into the apps being used and which of those apps have a high risk content. Any undesired apps can then be blocked by means of a few clicks.
Want to know more about Meraki?
We will be happy to assist you.